Ransomware 2.0: Posing Threat Beyond Data Hostage

For the last three decades, we know ransomware as suspicious software that makes your data and systems inaccessible till the time attackers are paid to unlock it. The frequency of ransomware attacks keeps on increasing every year. In 2021, Cybersecurity Ventures revealed that the economic damage from ransomware could be around $20 billion.

Evolution Of Ransomware

The First Ransomware Attack

The first ransomware attack was launched in 1989, when a biological researcher, Dr. Joseph L. Popp developed the AIDS Trojan. A floppy disk labeled “AIDS Information Introductory Diskette” was sent to the WHO AIDS conference and PC Business World magazine subscribers with software installation instructions.

Users actually installed malware with encrypting file names on the C-drive that requested a subscription fee payment of $189 a year or $378 lifetime to an account in Panama for file names decryption. However, it was easy to crack- as symmetric encryption was used in this attack. The solution existed in the code itself.

The Blockers

In the 1990s and 2000s, cryptographers Adam L. Young and Moti Yung defended an idea of asymmetric encryption, which protected the key.

They also suggested that victims should pay the ransom via electronic payment systems.

Attackers had their best time in the late 2000s, where users were blocked out of their computing systems. To neutralize the malware, particular manual actions were performed by the users, i.e. use of different profiles to log in.

Hybrid Ransomware

In the 2010s, the concept of hybrid ransomware emerged. This method used to combine a blocker with a cryto malware. It used to be sent via emails and they embedded Bitcoin as a payment mode for ransom. From 2015, Cryptomalware started to prevail over blockers and attackers insisted that they be paid with cryptocurrency.

Moving forward in 2016, attackers also started targeting corporations. It caused massive damage to the affected corporations. The destruction caused by WannaCry malware was around $4 billion and NotPetya exceeded $10 billion. A new record was set in 2017 when a South Korean web host Nayana paid $1 million ransom to get Erebus-infected computers unblocked.

From 2018 to 2019, cybersecurity specialists dealt with a large number of attacks on community facilities. In 2018, Bristol Airport in the UK had to face such an attack where attackers demanded huge ransom amounts as experts couldn’t control the situation for a long time.

Ransomware 2.0

In 2020, attackers devised a hybrid approach. Enter Ransomware 2.0. It can breach your data security, and steal all your data before encrypting them. If the victim rejects the ransom for decryption, attackers can disclose the data to competitors or publicly leak personal information which is called “extortionware“.

F-Secure observed that nearly 40% of new ransomware attackers steal and encrypt the data. In 2019, only one group was known as using this method. By the end of 2020, 15 different groups followed the same method.

Transform Hospital Group was one of the well-known victims of ransomware 2.0. 900GB of data of the weight loss and cosmetic surgery chain was stolen and encrypted by the REvil hacker group. They also stole pictures of patients before and after the surgeries and threatened to release them publicly.

When it decides to target an individual, Ransomware 2.0 uses public embarrassment. For organizations, they threaten to leak critical information. This is known as “extortionware”. It can cause irreparable reputation and operational damage to an organization.

Notable Trends

Some notable trends describing the ransomware evolution in the new decade include:

Increase in ransom demands. Last year, the average loss per attack increased to $8,100, but the average amount for victims affected by Maze ransomware rushed to $2.5 million almost.

Targeting networks. Ransomware such as Ryuk, WastedLocker and REvil threaten to hack entire networks. They can install powerful persistent malware and attack corporate backups.

Spear-phishing. Using this tool, an attacker can enter the enterprise networks. Performed via sending emails, targeted phishing like a recent incident where 200 million Microsoft Office 365 users used the exact domain spoofing tactic. Since the start of the pandemic, such attacks have surged by 67%.

Attacks on healthcare and government. The impact of ransomware on healthcare (123%) and government (21%) sectors intensified during the Pandemic. As per Comparitech, US government organizations encountered 246 ransomware attacks in 2020, affecting more than 173 million people. It also caused $53 billion loss in recovery costs and downtime.

Final Thought

These incidents call for attention to keep a secured backup of company data, as well as cloud backup and powerful restoration processes.

As Pandemic introduced us to a new normal and more and more people are working from home, organizations should protect their data by restricting access to corporate data. Only fewer people should have access to such data from home. They also need to have high authentication standards in place.

Organizations should rigidly follow the Zero Trust approach for cyber security. If an attack is unavoidable, make sure there is continuous tracking on any malicious activity and an emergency plan to handle the situation.