Cybercriminals extort millions through ransomware attacks, but everything started from a floppy disk received by mail.
Imagine opening your laptop only to find that you have no access to your data. It’s all been encrypted by malicious ransomware and will remain locked unless you pay a ransom, which could be millions of dollars.
As frightening as it sounds, this scenario is becoming increasingly likely. This particular ransomware business model has been thriving, with cybercriminals perfecting their craft by the day.
In 2024, the average ransom demand reached $2 million, and cybercriminals, in total, have extorted billions of dollars worldwide. That’s not going to slow down anytime soon, as Cybersecurity Ventures predicts ransomware will cost its victims around $265 billion annually by 2031.
Who could believe that everything started 35 years ago with a simple floppy disk sent in the mail? As we approach the anniversary of ransomware, let’s look back into the history of this notorious cyberthreat.
The first ransomware distributed on floppy disk
The “father of ransomware” is considered to be Dr. Joseph Popp, an evolutionary biologist with a doctorate from Harvard. He is behind the ransomware virus that was distributed on floppy disks by the postal service in December 1989.
The malware was called the AIDS Trojan, or Aids Info Drive, and was sent by mail to 20,000 attendees of the World Health Organisation’s (WHO) AIDS conference in Stockholm across 90 countries.
Once inserted into a computer system, the floppy disk hijacked AUTOEXEC.BAT and altered it to count the number of reboots. Once the counter reached 90, the program prompted the user to renew a license to continue using the system.
The attack was eventually linked to Popp, and he was named on a New Scotland Yard arrest warrant.
Expanding threat landscape
Since its inception, newer strains have emerged, but ransomware remains one of the biggest cybersecurity threats to enterprises today.
“Whilst threat actors have changed their tactics, their motives remain the same – money and disruption,” Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, told Cybernews.
“With the earlier forms of ransomware, the impact was downtime or unavailable data. Now, there are far more aggressive strains, such as double- or even triple-extortion tactics.”
Curran lays out the evolution of ransomware as a global threat. Seven years ago, WannaCry became one of the first global cyber-attacks, solidifying ransomware as a major cyber threat.
In 2021, the attack on the Colonial Pipeline in the USA highlighted the severe impact ransomware could have on critical national infrastructure (CNI), as it disrupted a system responsible for 50 percent of North America's fuel supply.
Ransomware-as-a-service (RaaS) has also become a business model in which threat actors offer predeveloped ransomware or malware on a ‘pay-for-use’ basis, along with training.
“Sadly, cybercrime has steadily become an industry where some groups have cybercrime units typical of any large legitimate business, such as partner networks, associates, resellers, and vendors. In fact, they even have dedicated call centers, which are typically used to help with requests from ransomware victims,” he commented. “The question is no longer ‘if’ an organization will be targeted, but when.”
What shapes the ransomware scene now?
Curran names notorious ransomware gangs like Black Cat, LockBit, Cl0p, REvil, and Conti as the “masterminds” that shaped the ransomware field.
Cl0p is behind the MOVEit heist, which occurred when the gang attacked a popular file transfer system, affecting multiple prominent organizations.
Cybernews reminds its readers that REvil was dismantled by Russian authorities in 2022. The ALPHV/BlackCat ransomware gang’s dark website appeared to be seized this year; however, rumors surfaced that the Russian-linked cartel may have faked its own takedown. The gang's activity shows that the rumors might have been true.
According to the Cybernews Ransomlooker tool, the most active ransomware gangs this year were: