Like what you've read?

On Line Opinion is the only Australian site where you get all sides of the story. We don't
charge, but we need your support. Here�s how you can help.

  • Advertise

    We have a monthly audience of 70,000 and advertising packages from $200 a month.

  • Volunteer

    We always need commissioning editors and sub-editors.

  • Contribute

    Got something to say? Submit an essay.

 The National Forum   Donate   Your Account   On Line Opinion   Forum   Blogs   Polling   About   
On Line Opinion logo ON LINE OPINION - Australia's e-journal of social and political debate


On Line Opinion is a not-for-profit publication and relies on the generosity of its sponsors, editors and contributors. If you would like to help, contact us.


RSS 2.0

Important stages of ransomware evolution

By David Balaban - posted Wednesday, 23 December 2020

From rudimentary screen lockers to sophisticated digital predators that haunt large computer networks, ransomware has matured into a terrifying cyber-crime phenomenon over the years. As if malicious data encryption were not destructive enough, these attacks now involve data breaches and DDoS threats. They are also intertwined with a great deal of pressure through fraudulent ad campaigns on social media, making victims deal with serious reputational risks.

This article will give you the lowdown on the main milestones in the evolution of ransomware. It will also provide effective protection tips that will help you stay on the safe side.

Screen lockers make their debut


Early strains of mainstream ransomware did not encrypt data. Instead, they displayed scary alerts stating that the user had been violating copyright or distributing prohibited materials such as child pornography.

FBI-themed ransomwarebecame the wake-up call. It emerged in 2012 and locked victims out of their Windows desktops or web browsers, showing a ransom screen that impersonated the famous law enforcement agency. The message would demand a fee amounting to $100 worth of Ukash or MoneyPak prepaid cards.

To create a false sense of legitimacy, the underlying Trojan called Reveton determined the victim's IP address, OS version, and geographic location and displayed this information on the lock screen. Fortunately, these culprits were ridiculously easy to defeat. Restoring the system to an earlier state or running a garden-variety antivirus tool in Safe Mode did the trick.

Encryption kicks in

A game-changing tweak in extortionists' modus operandi took place in 2013. They started leveraging ciphers to scramble victims' data. CryptoLocker was the first-ever ransomware species that implemented this tactic.

It did the rounds through contagious attachments arriving with malicious spam messages disseminated by the infamous GameOver Zeusbotnet. The pest used the asymmetric RSA cryptosystem that could not be cracked without the private key stored on the crooks' Command & Control (C2) server. It also pioneered in accepting Bitcoin as a payment method.


In the summer of 2014, the CryptoLocker campaign came to a standstill due to a well-coordinated international police initiative dubbed Operation Tovar. However, it showed that the extortion model with encryption at its heart was viable and encouraged bad actors to launch numerous copycats and new Trojans that followed in the footsteps of the progenitor, including CTB-Locker and CryptoWall.

Ransomware-as-a-Service causes an extortion boom

In 2015, a few high-profile extortionist groups switched to a clever tactic known as Ransomware-as-a-Service (RaaS). It was an affiliate scheme of a kind, where the creators of these dodgy programs allowed other criminals to take up the distribution role and shared the earnings. The developers' cut could reach 40% of every ransom, and the rest would go to the malefactors who deposited the harmful code on a computer.

  1. Pages:
  2. Page 1
  3. 2
  4. 3
  5. 4
  6. All

Discuss in our Forums

See what other readers are saying about this article!

Click here to read & post comments.

2 posts so far.

Share this:
reddit this reddit thisbookmark with Del.icio.usdigg thisseed newsvineSeed NewsvineStumbleUpon StumbleUponsubmit to propellerkwoff it

About the Author

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the project.

Other articles by this Author

All articles by David Balaban

Creative Commons LicenseThis work is licensed under a Creative Commons License.

Article Tools
Comment 2 comments
Print Printable version
Subscribe Subscribe
Email Email a friend

About Us Search Discuss Feedback Legals Privacy