Old ransomware vs. new ransomware generations

Ransomware, a name made up of the words "ransom" and "malware", is a form of malware that can be found on computers. It is designed from the start to encrypt critical files and hold the encrypted files hostage, restoring them only in exchange for payment.

While views differ about which ransomware was the first, the "AIDS.trojan", also known as the "AIDS floppy incident", is widely considered the first ransomware. It was distributed in 1989 on floppy disks, which were widely used at the time. A floppy disk containing malicious code was sent to almost 20,000 individuals all over the world, and when the software was updated, it prompted execution of "a program that can verify the possibility of AIDS/HIV infection", which was a social problem at the time. It operated in a rather straightforward manner: after locking the computer, it showed a message prompting the victim to send money.

Furthermore, unlike with the payment systems used by newer ransomware, the author, Joseph Popp, was quickly apprehended because the remittance destination was explicitly specified.

As a result, early ransomware was relatively simple malware: it used a symmetric encryption technique that could be decrypted, was easy to detect and restore from with antivirus software, and was not very profitable because of its short lifespan. Furthermore, it took a long time for cybercriminals to recognize ransomware as a means of crime or profit, and it was relatively easy to track and apprehend offenders, who mostly used mail, borrowed-name bank accounts, and online payment systems to request ransom money.

CryptoLocker, which emerged in the second half of 2013, is an example of how ransomware has developed over time, armed with numerous powerful functions. First, it encrypts files with 2,048-bit RSA encryption, rendering them impossible to decrypt. Second, it was the first to use the notorious Gameover Zeus botnet as a fast-spreading delivery tool.

The third and most prominent feature is that Bitcoin was used as the form of ransom payment. By exploiting the anonymity of cryptocurrencies, the attackers escape investigators' eyes, which increases the extent of the harm. CryptoLocker's strong attack characteristics have since established themselves as typical ransomware attack techniques, and they continue to exist in numerous variants to this day.

WannaCry, a form of ransomware that developed in this manner, captured the attention of people all over the world in May 2017. WannaCry infected machines by exploiting a vulnerability in the Server Message Block (SMB) protocol of the Microsoft (MS) Windows operating system. It infected around 2.5 billion machines around the world in a few days by discovering and infecting other computers on the network. It has been described as the most effective and lethal ransomware ever discovered.

Ransomware production and distribution has recently taken on a more formal and structured nature, which has been dubbed "Ransomware-as-a-Service" (RaaS). RaaS is an organized ransomware development service in which a producer builds ransomware for an individual (the client) who wants to profit from ransom money, and collects either a fixed amount as a commission or a certain portion of the ransom as a stake. With the release of "Cerber" in 2016, ransomware as a service started to gain popularity, and Cerber is now recognised as the most active and destructive ransomware sold online.

As different versions of the Cerber ransomware emerged, they were confirmed to have caused a great deal of harm both at home and abroad, suggesting that the threat of ransomware as a service is still present.

An evaluation of the malicious code obtained in 2020 via the KAIST Cyber Security Research Center's malicious site detection system (SIMon) found Trojans (47 percent), ransomware (35 percent), backdoors (13 percent), and others (5 percent), with the amount of ransomware increasing by 10% relative to 2019. Furthermore, it was discovered that WannaCry and Petya, both of which are forms of ransomware as a service, dominated the ransomware acquired in 2020.

In its infancy, ransomware was a straightforward method of compressing and encrypting files. It now has a number of advanced techniques, including deletion of the device's recovery drive, MBR damage, spreading to networks and servers, integration with virtual currencies, and Tor (The Onion Router), and it is evolving into malware with a variety of malicious characteristics. Furthermore, the threat is showing a rising pattern of ransomware that demands a high ransom not just for file recovery but also under threat of leaking company assets and confidential data to the world. Today, the threat seems to be more extreme.

Because of COVID-19, the use of contactless IT services has exploded in our society, and as remote work becomes more widespread, the severity of cyber threats is at an all-time high. Furthermore, on top of the steady increase in ransomware activity, the latest cryptocurrency craze means the threat of ransomware is projected to continue to escalate. You will be able to keep your precious data safe from emerging ransomware if you follow ransomware protection practices, such as backing up sensitive data and keeping operating systems and programs up to date.