Ransomware is 35 years old and now a billion-dollar problem. Here’s how it could evolve
As the ransomware industry evolves, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
Seksan Mongkhonkhamsao | Moment | Getty Images
Ransomware is now a billion-dollar industry. But it wasn’t always that large — nor was it a prevalent cybersecurity risk like it is today.
Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.
The technology — which officially turned 35 on Dec. 12 — has come a long way, with criminals now able to spin up ransomware much faster and deploy it across multiple targets.
Cybercriminals raked in $1 billion of extorted cryptocurrency payments from ransomware victims in 2023 — a record high, according to data from blockchain analysis firm Chainalysis.
Experts expect ransomware to continue evolving, with modern-day cloud computing tech, artificial intelligence and geopolitics shaping the future.
How did ransomware come about?
The first event considered to be a ransomware attack happened in 1989.
A hacker physically mailed floppy disks claiming to contain software that could help determine whether someone was at risk of developing AIDs.
However, when installed, the software would hide directories and encrypt file names on people’s computers after they’d rebooted 90 times.
It would then display a ransom note requesting a cashier’s check to be sent to an address in Panama for a license to restore the files and directories.
The program became known by the cybersecurity community as the “AIDs Trojan.”
“It was the first ransomware and it came from someone’s imagination. It wasn’t something that they’d read about or that had been researched,” Martin Lee, EMEA lead for Talos, the cyber threat intelligence division of IT equipment giant Cisco, told CNBC in an interview.
“Prior to that, it was just never discussed. There wasn’t even the theoretical concept of ransomware.”
The perpetrator, a Harvard-taught biologist named Joseph Popp, was caught and arrested. However, after displaying erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware has developed
Since the AIDs Trojan emerged, ransomware has evolved a great deal. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was delivered to people via email — an attack method today commonly known as “phishing.” Users, tempted with the promise of an attractive career offer, would download an attachment which contained malware disguising itself as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanning the file system and encrypting files and demanding payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to crypto as a method of payment.
In 2013, only a few years after the creation of bitcoin, the CryptoLocker ransomware emerged.
Hackers targeting people with this program demanded payment in either bitcoin or prepaid cash vouchers — but it was an early example of how crypto became the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks that selected crypto as the ransom payment method of choice included the likes of WannaCry and Petya.
“Cryptocurrencies provide many advantages for the bad guys, precisely because it is a way of transferring value and money outside of the regulated banking system in a way that is anonymous and immutable,” Lee told CNBC. “If somebody’s paid you, that payment can’t be rolled back.”
CryptoLocker also became notorious in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation — that is, a ransomware service sold by developers to more novice hackers for a fee to allow them to carry out attacks.
“In the early 2010s, we have this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker were “very successful in operating the crime.”
What’s next for ransomware?
As the ransomware industry evolves even further, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
By 2031, ransomware is predicted to cost victims a combined $265 billion annually, according to a report from Cybersecurity Ventures.
Some experts worry AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to insert text-based queries and requests and get sophisticated, humanlike answers in response — and many programmers are even using it to help them write code.
Mike Beck, chief information security officer of Darktrace, told CNBC’s “Squawk Box Europe” there’s a “huge opportunity” for AI — both in arming the cybercriminals and improving productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys are using,” Beck said. “The bad guys are going to be using the same tooling that is being used alongside all that kind of change today.”
But Lee doesn’t think AI poses as severe a ransomware risk as many would think.
“There’s a lot of hypothesis about AI being very good for social engineering,” Lee told CNBC. “However, when you look at the attacks that are out there and clearly working, it tends to be the simplest ones that are so successful.”
Targeting cloud systems
A serious threat to watch out for in future could be hackers targeting cloud systems, which enable businesses to store data and host websites and apps remotely from far-flung data centers.
“We haven’t seen an awful lot of ransomware hitting cloud systems, and I think that’s likely to be the future as it progresses,” Lee said.
We could eventually see ransomware attacks that encrypt cloud assets or withhold access to them by changing credentials or using identity-based attacks to deny users access, according to Lee.
Geopolitics is also expected to play a key role in the way ransomware evolves in the years to come.
“Over the last 10 years, the distinction between criminal ransomware and nation-state attacks is becoming increasingly blurred, and ransomware is becoming a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived as hostile,” Lee said.
“I think we’re probably going to see more of that,” he added. “It’s fascinating to see how the criminal world could be co-opted by a nation state to do its bidding.”
Another risk Lee sees gaining traction is autonomously distributed ransomware.
“There is still scope for there to be more ransomwares out there that spread autonomously — perhaps not hitting everything in their path but limiting themselves to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we will increasingly see the ransomware ecosystem becoming increasingly professionalized, moving almost exclusively towards that ransomware-as-a-service model,” he said.
But even as the ways criminals use ransomware are set to evolve, the actual makeup of the technology isn’t expected to change too drastically in the coming years.
“Outside of RaaS providers and those leveraging stolen or procured toolchains, credentials and system access have proven to be effective,” Jake King, security lead at internet search firm Elastic, told CNBC.
“Until further roadblocks appear for adversaries, we will likely continue to observe the same patterns.”
Super Micro Computer CEO Charles Liang at the Computex conference in Taipei, Taiwan, on June 5, 2024.
Annabelle Chih | Bloomberg | Getty Images
Super Micro Computer gave optimistic commentary for its fiscal 2026 and delayed annual report that overshadowed its slashed fiscal 2025 revenue guidance in Tuesday’s preliminary second-quarter results.
CEO Charles Liang said he is “confident” that the company will file its delayed annual report by the U.S. Securities and Exchange Commission’s Feb. 25 deadline. The company also said it expects to hit $40 billion in revenue in fiscal 2026. Analysts polled by LSEG expected $30 billion in revenue for the period.
Shares of Super Micro were up as much as 10% in extended trading.
For the near term, however, the company slashed its guidance for fiscal 2025 revenue. The company said it expects revenues to range between $23.5 billion to $25 billion for fiscal 2025. That was down from a previous forecast of $26 billion and $30 billion. Analysts polled by LSEG expected revenues of $24.9 billion for the year.
The company also said it expects to report net sales between $5.6 billion and $5.7 billion for the quarter that ended Dec. 31. Wall Street expected $5.89 billion, according to analysts polled by LSEG. The company also offered weaker-than-expected guidance for the current period.
Super Micro also said that it “continues to work diligently” to meet the deadline to file its delayed fiscal 2024 annual and fiscal 2025 first and second quarter reports as it faces the possibility of a Nasdaq delisting.
Shares of the company, known for its servers powered with Nvidia graphics processing chips, have been on a rollercoaster ride since Hindenburg Research revealed a short position in the stock and the company delayed releasing its annual report in August. The company’s auditor quit in October, citing governance issues, and Super Micro’s drop in share price spurred the possibility of a delisting from the Nasdaq exchange.
The rollercoaster continued into Tuesday’s release. The stock is up about 27% in 2025 but down from its March 2024 high.
Super Micro’s prime position in the artificial intelligence world catapulted the stock to new heights as ChatGPT’s 2022 debut set off a craze for AI infrastructure. Recent earnings reports and commentary suggest that megacaps Meta, Amazon, Alphabet and Microsoft plan to invest as much as $320 billion into AI projects this year.
Technology
Tesla drops 6% after BYD partners with DeepSeek, Musk adds to DOGE distractions with OpenAI bid
Tesla and SpaceX CEO Elon Musk joins U.S. President Donald Trump during an executive order signing in the Oval Office at the White House on Feb. 11, 2025 in Washington, DC.
Andrew Harnik | Getty Images
Tesla shares dropped 6% on Tuesday after Chinese rival BYD announced plans to develop autonomous vehicle technology with DeepSeek, and said it would offer its Autopilot-like system in nearly all of its new cars, adding to fears that Elon Musk’s company is falling behind the competition.
There’s also growing concerns surrounding Musk’s distractions outside of Tesla, after news surfaced that the world’s richest person is offering to lead an investor group in purchasing OpenAI, while he steps up his work with President Donald Trump’s White House.
Tesla’s stock price has slid for five straight days, falling close to 17% over that stretch to $328.50, and wiping out over $200 billion in market cap.
BYD, which has emerged as Tesla’s fiercest rival on the world stage, said on Monday that at least 21 of its new model vehicles will come equipped with its partially automated driving systems that include features for automatic parking and navigating on highways.
Tesla doesn’t yet offer a robotaxi and its EVs currently require a human driver to remain at the wheel, ready to steer or brake at any time. On Tesla’s earnings call last month, Musk said the company is aiming to launch “Unsupervised Full Self-Driving,” and a driverless rideshare service in Austin, Texas, in June. Alphabet’s Waymo already operates a robotaxi service in Austin as well as in parts of Phoenix, San Francisco.
“In our view, competition between Waymo, Tesla and a host of Chinese players is a key driver on the path to commercialization” of robotaxis,” Morgan Stanley analysts wrote in a note to clients after the BYD announcement. The firm recommends buying the stock and has a price target of $430.
Waymo said on Tuesday that it added 10 square miles of coverage to its robotaxi service in Los Angeles.
In a report on Tuesday, Oppenheimer analysts wrote that the “autonomy competition may limit [Tesla] profitability.” Even if Tesla meets its June 2025 timeline for driverless cars in Texas, the company is “one of several autonomous technology providers, suggesting competition on price and performance,” they wrote.
In addition to running Tesla, Musk is CEO of SpaceX, owns social media company X and is head of artificial intelligence startup xAI. He’s also spending significant time these days in Washington, D.C., running the “Department of Government Efficiency” (DOGE) as a special government employee, aiming to slash federal spending, personnel, regulations and even entire agencies.
Many projects, many distractions
Investors already concerned about Musk’s hefty commitments beyond his trillion-dollar EV company have more reason for trepidation after events that unfolded on Monday. Musk’s attorney, Marc Toberoff, confirmed to CNBC that Musk was leading a consortium of investors in a $97.4 billion bid for OpenAI.
Musk was among the founders of OpenAI in 2015, when the AI startup was created as a nonprofit research lab. Musk sought to have Tesla acquire OpenAI, and he later departed the organization’s board.
OpenAI has since commercialized numerous products, most notably ChatGPT. Co-founder and CEO Sam Altman is seeking to restructure OpenAI as a for-profit entity. Musk has sued OpenAI to prevent that transition, and started xAI as a direct competitor.
The Oppenheimer analysts wrote that, “While [Tesla] has shifted focus to being a Physical AI play, we view Elon Musk’s bid for Open AI as a distraction from [Tesla’s] challenges.”
Altman told employees in a memo on Tuesday that OpenAI’s board hasn’t received an official offer from Musk and reminded staffers that “Elon has a history of making claims that don’t hold up.”
Later on Tuesday, Toberoff said in a statement that he emailed the bid for OpenAI on behalf of the Musk-led consortium a day earlier to OpenAI’s outside counsel William Savitt and Sarah Eddy “for transmission to their client.” Toberoff said the bid was “in the form of a detailed four-page letter” and was addressed to OpenAI’s board.
“Whether Sam Altman chose to provide or withhold this from OpenAI’s other Board members is outside of our control,” he wrote.
Oppenheimer’s analysts also highlighted the added risks associated with Musk’s extensive work with the Trump administration.
While Musk’s behavior “has fans in certain circles,” his public life “risks alienating consumers and employees as the Trump administration tests the limits of its power,” they wrote. For example, they referenced recent vehicle registration data that showed steep year-over-year declines in California and across several European markets.
Tesla and Musk didn’t immediately respond to a request for comment.
WATCH: Tesla still on track
Technology
Amazon opens beauty and personal care store in Italy as part of brick-and-mortar expansion
Amazon is opening a beauty and health products store in Milan, Italy, marking the company’s latest brick-and-mortar experiment.
The store is located in the city center of Milan, and features a range of beauty and personal care items, as well as nonprescription drugs, Amazon said in a blog post. The first store, which is called Amazon Parafarmacia & Beauty, will open its doors to the public on Wednesday.
The store will be stocked with products from beauty and skin-care brands including La Roche-Posay, Eucerin and Vichy. There are also “Derma-bars,” where shoppers can get a “complimentary digital skin analysis” of their skin type and condition, and receive product recommendations.
Amazon says the store includes a section staffed by on-site pharmacists where shoppers can purchase “non-prescription, over-the-counter medications.”
By launching its first “parapharmacy,” the e-commerce giant is hoping to parlay its online success in the beauty and personal care category into sales in the physical world. Beauty and personal care items, which include everything from hairspray and cosmetics to deodorants and Q-tips, make up one of the fastest-growing verticals on Amazon.
The company began offering health and beauty products in 2000, but its selection was initially limited to most mass-market brands. It has since added more luxury brands such as Estée Lauder and La Mer.
The new store format also marks Amazon’s latest experiment in physical retail. The company opened and then shuttered all of its bookstores, pop-up shops, four-star stores and apparel stores. It has also shrunk its footprint of Amazon Go convenience stores, shutting down a storefront in Woodland Hills, California, last month. In grocery, Amazon’s portfolio includes Whole Foods supermarkets and its own chain of Fresh stores.
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports10 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway