Ransomware is 35 years old and now a billion-dollar problem. Here’s how it could evolve
As the ransomware industry evolves, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
Seksan Mongkhonkhamsao | Moment | Getty Images
Ransomware is now a billion-dollar industry. But it wasn’t always that large — nor was it a prevalent cybersecurity risk like it is today.
Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.
The technology — which officially turned 35 on Dec. 12 — has come a long way, with criminals now able to spin up ransomware much faster and deploy it across multiple targets.
Cybercriminals raked in $1 billion of extorted cryptocurrency payments from ransomware victims in 2023 — a record high, according to data from blockchain analysis firm Chainalysis.
Experts expect ransomware to continue evolving, with modern-day cloud computing tech, artificial intelligence and geopolitics shaping the future.
How did ransomware come about?
The first event considered to be a ransomware attack happened in 1989.
A hacker physically mailed floppy disks claiming to contain software that could help determine whether someone was at risk of developing AIDs.
However, when installed, the software would hide directories and encrypt file names on people’s computers after they’d rebooted 90 times.
It would then display a ransom note requesting a cashier’s check to be sent to an address in Panama for a license to restore the files and directories.
The program became known by the cybersecurity community as the “AIDs Trojan.”
“It was the first ransomware and it came from someone’s imagination. It wasn’t something that they’d read about or that had been researched,” Martin Lee, EMEA lead for Talos, the cyber threat intelligence division of IT equipment giant Cisco, told CNBC in an interview.
“Prior to that, it was just never discussed. There wasn’t even the theoretical concept of ransomware.”
The perpetrator, a Harvard-taught biologist named Joseph Popp, was caught and arrested. However, after displaying erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware has developed
Since the AIDs Trojan emerged, ransomware has evolved a great deal. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was delivered to people via email — an attack method today commonly known as “phishing.” Users, tempted with the promise of an attractive career offer, would download an attachment which contained malware disguising itself as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanning the file system and encrypting files and demanding payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to crypto as a method of payment.
In 2013, only a few years after the creation of bitcoin, the CryptoLocker ransomware emerged.
Hackers targeting people with this program demanded payment in either bitcoin or prepaid cash vouchers — but it was an early example of how crypto became the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks that selected crypto as the ransom payment method of choice included the likes of WannaCry and Petya.
“Cryptocurrencies provide many advantages for the bad guys, precisely because it is a way of transferring value and money outside of the regulated banking system in a way that is anonymous and immutable,” Lee told CNBC. “If somebody’s paid you, that payment can’t be rolled back.”
CryptoLocker also became notorious in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation — that is, a ransomware service sold by developers to more novice hackers for a fee to allow them to carry out attacks.
“In the early 2010s, we have this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker were “very successful in operating the crime.”
What’s next for ransomware?
As the ransomware industry evolves even further, experts are predicting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.
By 2031, ransomware is predicted to cost victims a combined $265 billion annually, according to a report from Cybersecurity Ventures.
Some experts worry AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to insert text-based queries and requests and get sophisticated, humanlike answers in response — and many programmers are even using it to help them write code.
Mike Beck, chief information security officer of Darktrace, told CNBC’s “Squawk Box Europe” there’s a “huge opportunity” for AI — both in arming the cybercriminals and improving productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys are using,” Beck said. “The bad guys are going to be using the same tooling that is being used alongside all that kind of change today.”
But Lee doesn’t think AI poses as severe a ransomware risk as many would think.
“There’s a lot of hypothesis about AI being very good for social engineering,” Lee told CNBC. “However, when you look at the attacks that are out there and clearly working, it tends to be the simplest ones that are so successful.”
Targeting cloud systems
A serious threat to watch out for in future could be hackers targeting cloud systems, which enable businesses to store data and host websites and apps remotely from far-flung data centers.
“We haven’t seen an awful lot of ransomware hitting cloud systems, and I think that’s likely to be the future as it progresses,” Lee said.
We could eventually see ransomware attacks that encrypt cloud assets or withhold access to them by changing credentials or using identity-based attacks to deny users access, according to Lee.
Geopolitics is also expected to play a key role in the way ransomware evolves in the years to come.
“Over the last 10 years, the distinction between criminal ransomware and nation-state attacks is becoming increasingly blurred, and ransomware is becoming a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived as hostile,” Lee said.
“I think we’re probably going to see more of that,” he added. “It’s fascinating to see how the criminal world could be co-opted by a nation state to do its bidding.”
Another risk Lee sees gaining traction is autonomously distributed ransomware.
“There is still scope for there to be more ransomwares out there that spread autonomously — perhaps not hitting everything in their path but limiting themselves to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we will increasingly see the ransomware ecosystem becoming increasingly professionalized, moving almost exclusively towards that ransomware-as-a-service model,” he said.
But even as the ways criminals use ransomware are set to evolve, the actual makeup of the technology isn’t expected to change too drastically in the coming years.
“Outside of RaaS providers and those leveraging stolen or procured toolchains, credentials and system access have proven to be effective,” Jake King, security lead at internet search firm Elastic, told CNBC.
“Until further roadblocks appear for adversaries, we will likely continue to observe the same patterns.”
Vice Chair and President at Microsoft, Brad Smith, participates in the first day of Web Summit in Lisbon, Portugal, on November 12, 2024. The largest technology conference in the world this year has 71,528 attendees from 153 countries and 3,050 companies, with AI emerging as the most represented industry. (Photo by Rita Franca/NurPhoto via Getty Images)
Nurphoto | Nurphoto | Getty Images
Microsoft plans to spend $80 billion in fiscal 2025 on the construction of data centers that can handle artificial intelligence workloads, the company said in a Friday blog post.
Over half of the expected AI infrastructure spending will take place in the U.S., Microsoft Vice Chair and President Brad Smith wrote. Microsoft’s 2025 fiscal year ends in June.
“Today, the United States leads the global AI race thanks to the investment of private capital and innovations by American companies of all sizes, from dynamic start-ups to well-established enterprises,” Smith said. “At Microsoft, we’ve seen this firsthand through our partnership with OpenAI, from rising firms such as Anthropic and xAI, and our own AI-enabled software platforms and applications.”
Several top-tier technology companies are rushing to spend billions on Nvidia graphics processing units for training and running AI models. The fast spread of OpenAI’s ChatGPT assistant, which launched in late 2022, kicked off the AI race for companies to deliver their own generative AI capabilities. Having invested more than $13 billion in OpenAI, Microsoft provides cloud infrastructure to the startup and has incorporated its models into Windows, Teams and other products.
Microsoft reported $20 billion in capital expenditures and assets acquired under finance leases worldwide, with $14.9 billion spent on property and equipment, in the first quarter of fiscal 2025. Capital expenditures will increase sequentially in the fiscal second quarter, Microsoft Chief Financial Officer Amy Hood said in October.
The company’s revenue from Azure and other cloud services grew 33% year over year, with 12 percentage points of that growth stemming from AI services.
Smith called on President-elect Donald Trump‘s incoming administration to protect the country’s leadership in AI through education and the promotion of U.S. AI technologies abroad.
“China is starting to offer developing countries subsidized access to scarce chips, and it’s promising to build local AI data centers,” Smith wrote. “The Chinese wisely recognize that if a country standardizes on China’s AI platform, it likely will continue to rely on that platform in the future.”
He added, “The best response for the United States is not to complain about the competition but to ensure we win the race ahead. This will require that we move quickly and effectively to promote American AI as a superior alternative.”
Technology
Meta replaces Global Affairs President Nick Clegg with Joel Kaplan ahead of Trump inauguration
Facebook vice president of global public policy Joel Kaplan and Facebook CEO Mark Zuckerberg leave the Elysee Presidential Palace after a meeting with French President Emmanuel Macron on May 23, 2018 in Paris, France.
Chesnot | Getty Images
Facebook parent Meta is replacing President of Global Affairs Nick Clegg with Joel Kaplan, the company’s current policy vice president and a former Republican party staffer.
The shake up comes three weeks before President-elect Donald Trump’s inauguration, and it’s the latest sign of how tech companies are positioning themselves for a new administration in Washington.
Clegg, a former British deputy prime minister, said he is stepping down, citing the new year as the right time to move on. He’ll be replaced by Kaplan, who will take on the title of Chief Global Affairs Officer.
Kaplan was a staffer under former President George W. Bush, and he appeared at the NYSE with Vice President-elect J.D. Vance and Trump in December. He also attended Supreme Court Justice Brett Kavanaugh’s confirmation hearing in 2018 as a personal friend, causing a controversy for the social media company.
“I will look forward to spending a few months handing over the reins — and to representing the company at a number of international gatherings in Q1 of this year,” Clegg wrote in a memo to his staff that he shared on Facebook on Thursday.
Clegg joined the company in 2018 after a career in British politics with the Liberal Democrats party, and he helped Meta navigate incredible scrutiny, especially over the company’s influence on elections and its efforts to control harmful content. Clegg also helped steer the company through the Cambridge Analytica scandal, in which Facebook shared user data with third-party political consultants. He also represented the company in Washington and London, frequently at panels for artificial intelligence and at congressional hearings.
“My time at the company coincided with a significant resetting of the relationship between ‘big tech’ and the societal pressures manifested in new laws, institutions and norms affecting the sector,” Clegg wrote.
In his note, Clegg said that former Federal Communications Commission chairman Kevin Martin would replace Kaplan as Meta’s vice president of global policy. He mentioned that Kaplan would work closely with David Ginsburg, the company’s vice president of global communications and public affairs.
“Nick: I’m grateful for everything you’ve done for Meta and the world these past seven years,” Meta CEO Mark Zuckerberg said in a statement. You “built a strong team to carry this work forward. I’m excited for Joel to step into this role next given his deep experience and insight leading our policy work for many years.”
Semafor first reported the news.
WATCH: Meta: Here’s why Rosenblatt Securities has set a price target of $811 for the stock
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports9 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway