From rudimentary screen lockers to sophisticated digital predators that haunt large computer networks, ransomware has matured into a terrifying cyber-crime phenomenon over the years. As if malicious data encryption were not destructive enough, these attacks now involve data breaches and DDoS threats. They are also intertwined with a great deal of pressure through fraudulent ad campaigns on social media, making victims deal with serious reputational risks.
This article will give you the lowdown on the main milestones in the evolution of ransomware. It will also provide effective protection tips that will help you stay on the safe side.
Screen lockers make their debut
Early strains of mainstream ransomware did not encrypt data. Instead, they displayed scary alerts stating that the user had been violating copyright or distributing prohibited materials such as child pornography.
FBI-themed ransomware became the wake-up call. It emerged in 2012 and locked victims out of their Windows desktops or web browsers, showing a ransom screen that impersonated the famous law enforcement agency. The message would demand a fee amounting to $100 worth of Ukash or MoneyPak prepaid cards.
To create a false sense of legitimacy, the underlying Trojan called Reveton determined the victim's IP address, OS version, and geographic location and displayed this information on the lock screen. Fortunately, these culprits were ridiculously easy to defeat. Restoring the system to an earlier state or running a garden-variety antivirus tool in Safe Mode did the trick.
Encryption kicks in
A game-changing tweak in extortionists' modus operandi took place in 2013. They started leveraging ciphers to scramble victims' data. CryptoLocker was the first-ever ransomware species that implemented this tactic.
It did the rounds through contagious attachments arriving with malicious spam messages disseminated by the infamous GameOver Zeus botnet. The pest used the asymmetric RSA cryptosystem that could not be cracked without the private key stored on the crooks' Command & Control (C2) server. It also pioneered the use of Bitcoin as a payment method.
In the summer of 2014, the CryptoLocker campaign came to a standstill due to a well-coordinated international police initiative dubbed Operation Tovar. However, it showed that the extortion model with encryption at its heart was viable and encouraged bad actors to launch numerous copycats and new Trojans that followed in the footsteps of the progenitor, including CTB-Locker and CryptoWall.
Ransomware-as-a-Service causes an extortion boom
In 2015, a few high-profile extortionist groups switched to a clever tactic known as Ransomware-as-a-Service (RaaS). It was an affiliate scheme of a kind, where the creators of these dodgy programs allowed other criminals to take up the distribution role and shared the earnings. The developers' cut could reach 40% of every ransom, and the rest would go to the malefactors who deposited the harmful code on a computer.