Ransomware is now a billion-dollar industry. But it wasn't always this big – nor was it a widespread cybersecurity risk like it is today.
Dating back to the 1980s, ransomware is a type of malware used by cybercriminals to lock files on an individual's computer and demand payment to unlock them.
The technology – which officially celebrated its 35th anniversary on December 12 – has come a long way, with criminals now able to spread ransomware much more quickly and deploy it on multiple targets.
Cybercriminals collected $1 billion in extorted cryptocurrency payments from ransomware victims in 2023 – a record high, according to data from blockchain analysis firm Chainalysis.
Experts expect ransomware to continue to evolve, with modern cloud computing technology, artificial intelligence and geopolitics shaping the future.
How did ransomware come about?
The first event considered a ransomware attack occurred in 1989.
A hacker physically mailed floppy disks claiming they contained software that would help determine whether someone was at risk of developing AIDS.
However, when installed, the software hid directories and encrypted filenames on users' computers after they had been rebooted 90 times.
A ransom note was then displayed demanding that a bank check be sent to an address in Panama in order to obtain a license to restore the files and directories.
The program became known within the cybersecurity community as the “AIDs Trojan.”
“It was the primary ransomware and it was created from someone’s imagination. It wasn't something anyone had read or researched about,” Martin Lee, EMEA head of Talos, the cyber threat intelligence arm of IT equipment giant Cisco, told CNBC in an interview.
“It was just never discussed before. There wasn’t even the theoretical concept of ransomware.”
The perpetrator, a Harvard-educated biologist named Joseph Popp, was caught and arrested. However, after exhibiting erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware evolved
Since the emergence of the AIDs Trojan, ransomware has evolved significantly. In 2004, a threat actor attacked Russian citizens with a criminal ransomware program now known as “GPCode.”
The program was delivered to people via email – an attack method now commonly known as “phishing.” Users, tempted by the promise of an attractive career offer, downloaded an attachment containing malware disguised as an application form.
Once opened, the attachment downloaded and installed malware on the victim's computer, scanned the file system, encrypted files, and requested payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to cryptocurrency as a payment method.
In 2013, just a few years after Bitcoin was introduced, the CryptoLocker ransomware emerged.
Hackers who targeted people with this program demanded payment in either Bitcoin or prepaid cash vouchers – but it was an early example of crypto becoming the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks that chose crypto as the ransom payment method included WannaCry and Petya.
“Cryptocurrencies offer many advantages to the bad guys precisely because it is a way to transfer value and money outside of the regulated banking system in an anonymous and immutable way,” Lee told CNBC. “Once someone has paid you, that payment cannot be reversed.”
CryptoLocker also became known in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation – that is, a ransomware service that developers sell to more novice hackers for a fee, enabling them to carry out attacks.
“In the early 2010s, we saw this surge in professionalization,” Lee said, adding that the gang behind CryptoLocker was “very successful in carrying out the crime.”
What's next for ransomware?
As the ransomware industry continues to evolve, experts believe hackers will find more and more ways to use the technology to exploit companies and individuals.
By 2031, ransomware is expected to cost victims a combined $265 billion annually, according to a report from Cybersecurity Ventures.
Some experts fear that AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI's ChatGPT allow everyday internet users to enter text-based queries and receive sophisticated, human-like answers in response – and many programmers even use it to help them write code.
Mike Beck, Darktrace's chief information security officer, told CNBC's “Squawk Box Europe” that there is a “huge opportunity” for AI – both in arming cybercriminals and in improving the productivity and operations of cybersecurity companies.
“We need to equip ourselves with the same tools that the bad guys use,” Beck said. “The bad guys will use the same tools that are used today in all of these changes.”
But Lee doesn't think AI poses as big a ransomware risk as many think.
“There are a lot of hypotheses that AI is very good for social engineering,” Lee told CNBC. “However, if you look at the attacks that are out there and that seem to work, it tends to be the simplest ones that are so successful.”
Cloud systems in sight
A serious threat to watch out for in the future could be hackers targeting cloud systems that allow companies to store data and host websites and apps remotely from far-flung data centers.
“We haven't seen a lot of ransomware attacks on cloud systems yet, and I think that's likely to be the future as we move forward,” Lee said.
According to Lee, we could eventually see ransomware attacks that encrypt or deny access to cloud assets by changing credentials or using identity-based attacks to deny users access.
Geopolitics is also expected to play a key role in the development of ransomware in the coming years.
“Over the past decade, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware is becoming a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived to be hostile,” Lee said.
“I think we’ll probably see more of that,” he added. “It is fascinating to see how the criminal world can be used by a nation state to do its bidding.”
Another risk that Lee says is becoming increasingly important is autonomously distributed ransomware.
“There's still scope for there to be more ransomware that spreads autonomously – possibly not all the pieces that come their way, but limited to a particular domain or a particular organization,” he told CNBC.
Lee also expects ransomware-as-a-service to grow rapidly.
“I think we will see increasing professionalization of the ransomware ecosystem, moving almost exclusively towards the ransomware-as-a-service model,” he said.
But while the way criminals use ransomware will continue to evolve, the actual architecture of the technology is unlikely to change too drastically in the coming years.
“Aside from RaaS providers and those using stolen or obtained toolchains, credentials and system access have proven effective,” Jake King, head of security at internet search company Elastic, told CNBC.
“Until more obstacles emerge for adversaries, we will likely continue to see the same patterns.”