Ransomware is 35 years old and now a billion-dollar problem. Here’s how it could evolve
As the ransomware industry evolves, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
Seksan Mongkhonkhamsao | Moment | Getty Images
Ransomware is now a billion-dollar industry. But it wasn’t always that large — nor was it a prevalent cybersecurity risk like it is today.
Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.
The technology — which officially turned 35 on Dec. 12 — has come a long way, with criminals now able to spin up ransomware much faster and deploy it across multiple targets.
Cybercriminals raked in $1 billion of extorted cryptocurrency payments from ransomware victims in 2023 — a record high, according to data from blockchain analysis firm Chainalysis.
Experts expect ransomware to continue evolving, with modern-day cloud computing tech, artificial intelligence and geopolitics shaping the future.
How did ransomware come about?
The first event considered to be a ransomware attack happened in 1989.
A hacker physically mailed floppy disks claiming to contain software that could help determine whether someone was at risk of developing AIDs.
However, when installed, the software would hide directories and encrypt file names on people’s computers after they’d rebooted 90 times.
It would then display a ransom note requesting a cashier’s check to be sent to an address in Panama for a license to restore the files and directories.
The program became known by the cybersecurity community as the “AIDs Trojan.”
“It was the first ransomware and it came from someone’s imagination. It wasn’t something that they’d read about or that had been researched,” Martin Lee, EMEA lead for Talos, the cyber threat intelligence division of IT equipment giant Cisco, told CNBC in an interview.
“Prior to that, it was just never discussed. There wasn’t even the theoretical concept of ransomware.”
The perpetrator, a Harvard-taught biologist named Joseph Popp, was caught and arrested. However, after displaying erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware has developed
Since the AIDs Trojan emerged, ransomware has evolved a great deal. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was delivered to people via email — an attack method today commonly known as “phishing.” Users, tempted with the promise of an attractive career offer, would download an attachment which contained malware disguising itself as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanning the file system and encrypting files and demanding payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to crypto as a method of payment.
In 2013, only a few years after the creation of bitcoin, the CryptoLocker ransomware emerged.
Hackers targeting people with this program demanded payment in either bitcoin or prepaid cash vouchers — but it was an early example of how crypto became the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks that selected crypto as the ransom payment method of choice included the likes of WannaCry and Petya.
“Cryptocurrencies provide many advantages for the bad guys, precisely because it is a way of transferring value and money outside of the regulated banking system in a way that is anonymous and immutable,” Lee told CNBC. “If somebody’s paid you, that payment can’t be rolled back.”
CryptoLocker also became notorious in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation — that is, a ransomware service sold by developers to more novice hackers for a fee to allow them to carry out attacks.
“In the early 2010s, we have this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker were “very successful in operating the crime.”
What’s next for ransomware?
As the ransomware industry evolves even further, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
By 2031, ransomware is predicted to cost victims a combined $265 billion annually, according to a report from Cybersecurity Ventures.
Some experts worry AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to insert text-based queries and requests and get sophisticated, humanlike answers in response — and many programmers are even using it to help them write code.
Mike Beck, chief information security officer of Darktrace, told CNBC’s “Squawk Box Europe” there’s a “huge opportunity” for AI — both in arming the cybercriminals and improving productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys are using,” Beck said. “The bad guys are going to be using the same tooling that is being used alongside all that kind of change today.”
But Lee doesn’t think AI poses as severe a ransomware risk as many would think.
“There’s a lot of hypothesis about AI being very good for social engineering,” Lee told CNBC. “However, when you look at the attacks that are out there and clearly working, it tends to be the simplest ones that are so successful.”
Targeting cloud systems
A serious threat to watch out for in future could be hackers targeting cloud systems, which enable businesses to store data and host websites and apps remotely from far-flung data centers.
“We haven’t seen an awful lot of ransomware hitting cloud systems, and I think that’s likely to be the future as it progresses,” Lee said.
We could eventually see ransomware attacks that encrypt cloud assets or withhold access to them by changing credentials or using identity-based attacks to deny users access, according to Lee.
Geopolitics is also expected to play a key role in the way ransomware evolves in the years to come.
“Over the last 10 years, the distinction between criminal ransomware and nation-state attacks is becoming increasingly blurred, and ransomware is becoming a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived as hostile,” Lee said.
“I think we’re probably going to see more of that,” he added. “It’s fascinating to see how the criminal world could be co-opted by a nation state to do its bidding.”
Another risk Lee sees gaining traction is autonomously distributed ransomware.
“There is still scope for there to be more ransomwares out there that spread autonomously — perhaps not hitting everything in their path but limiting themselves to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we will increasingly see the ransomware ecosystem becoming increasingly professionalized, moving almost exclusively towards that ransomware-as-a-service model,” he said.
But even as the ways criminals use ransomware are set to evolve, the actual makeup of the technology isn’t expected to change too drastically in the coming years.
“Outside of RaaS providers and those leveraging stolen or procured toolchains, credentials and system access have proven to be effective,” Jake King, security lead at internet search firm Elastic, told CNBC.
“Until further roadblocks appear for adversaries, we will likely continue to observe the same patterns.”
Dado Ruvic | Reuters
OpenAI will not be allowed use the word “cameo” to name any products or features in its Sora app for a month after a federal judge placed a temporary restraining order for the term on the AI startup.
U.S. District Judge Eumi K. Lee granted a temporary restraining order on Monday, blocking OpenAI from using the “cameo” mark or similar words like “Kameo” or “CameoVideo” for any function related to Sora, the company’s AI-generated video app.
“We disagree with the complaint’s assertion that anyone can claim exclusive ownership over the word ‘cameo’, and we look forward to continuing to make our case to the court,” an OpenAI spokesperson told CNBC.
Lee granted the order after OpenAI was sued in October by Cameo, a platform that allows users to purchase personalized videos from celebrities. Cameo filed a trademark lawsuit against the artificial intelligence company following the launch of Sora’s “Cameo” feature, which allowed users to generate characters of themselves or others and insert them into videos.
“We are gratified by the court’s decision, which recognizes the need to protect consumers from the confusion that OpenAI has created by using the Cameo trademark,” Cameo CEO Steven Galanis said in a statement. “While the court’s order is temporary, we hope that OpenAI will agree to stop using our mark permanently to avoid any further harm to the public or Cameo.”
The order is set to expire on Dec. 22, and a hearing for whether the halt should be made permanent is scheduled for Dec. 19.
Sam Altman, chief executive officer of OpenAI Inc., during a media tour of the Stargate AI data center in Abilene, Texas, US, on Tuesday, Sept. 23, 2025.
Kyle Grillot | Bloomberg | Getty Images
OpenAI announced a new tool called “shopping research” on Monday, right as consumers will be ramping up spending ahead of the holiday season.
The startup said the tool is designed for ChatGPT users who are looking for detailed, well-researched shopping guides. The guides include top products, key differences between the products and the latest information from retailers, according to a blog.
Users will be able to tailor their guides based on their budget, what features they care about and who they are shopping for. OpenAI said it will take a couple of minutes to generate answers with shopping research, so users who are looking for simple answers like a price check can still rely on a regular ChatGPT response.
When users submit prompts to ChatGPT that say things like, “Find the quietest cordless stick vacuum for a small apartment,” or “I need a gift for my four year old niece who loves art,” they will see the shopping research tool pop up automatically, OpenAI said. The tool can also be accessed from the menu.
OpenAI has been pushing deeper into e-commerce in recent months. The company introduced a feature called Instant Checkout in September that allows users to make purchases directly from eligible merchants through ChatGPT.
Shopping research users will be able to make purchases with Instant Checkout in the future, OpenAI said on Monday.
OpenAI said its shopping research results are organic and based on publicly available retail websites, and that it will not share users’ chats with retailers. It’s possible that shopping research will make mistakes around product availability and pricing, the company said.
Shopping research is rolling out to OpenAI’s Free, Go, Plus and Pro users who are logged in to ChatGPT.
A Tesla logo outside the company’s Tilburg Factory and Delivery Center.
Karol Serewis | Getty Images
Tesla is trying to get its “FSD Supervised” technology approved for use in the Netherlands. But Dutch regulators are telling Tesla fans to stop pressuring safety authority RDW on the matter, and that their efforts will have “no influence” on the ultimate decision.
The RDW issued a statement on Monday directed at those who have been sending messages to try and get the agency to clear Tesla’s premium partially automated driving system, marketed in the U.S. as the Full Self-Driving (Supervised) option. It’s not yet available for use in the Netherlands or Europe broadly.
“We thank everyone who has already done so and would like to ask everyone not to contact us about this,” the agency said. “It takes up unnecessary time for our customer service. Moreover, this will have no influence on whether or not the planning is met. Road safety is the RDW’s top priority: admission is only possible once the safety of the system has been convincingly demonstrated.”
The regulator said it will make a decision only after Elon Musk’s company shows that the technology meets the country’s stringent vehicle safety standards. The RDW has booked a schedule allowing Tesla to demonstrate its systems, and said it could decide on authorization as early as February.
Last week, Tesla posted on X encouraging its followers to contact RDW to express their wishes to have the systems approved.
The post claimed, “RDW has committed to granting Netherlands National approval in February 2026,” adding a message to “please contact them via link below to express your excitement & thank them for making this happen as soon as possible.” Tesla said other EU countries could then follow suit.
The RDW corrected Tesla on Monday, saying in a statement on its official website, that such approval is not guaranteed and had not been promised.
Tesla didn’t immediately respond to a request for comment.
In the U.S., the National Highway Traffic Safety Administration opened an investigation into Tesla’s FSD-equipped vehicles in October following reports of widespread traffic violations tied to use of the systems.
The cars Tesla sells today, even with FSD Supervised engaged, require a human driver ready to brake or steer at any time.
For years, Musk has promised that Tesla customers would soon be able to turn their existing electric vehicles into robotaxis, capable of generating income for owners while they sleep or go on vacation, with a simple software update.
That hasn’t happened yet, and Tesla has since informed owners that future upgrades will require new hardware as well as software releases.
Tesla is testing a Robotaxi-brand ride-hailing service in Texas and elsewhere, but it includes human safety drivers or supervisors on board who either conduct the drives or manually intervene as needed. Musk has said the company aims to remove human driers in Austin, Texas, by the end of 2025.
-
Sports2 years agoStory injured on diving stop, exits Red Sox game
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports3 years agoButton battles heat exhaustion in NASCAR debut
-
Sports3 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment3 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment1 year agoHere are the best electric bikes you can buy at every price level in October 2024