Ransomware: an evolving cyber attack

4 min

Ransomware is a type of cyberattack that encrypts a user’s files and makes them inaccessible, then demands a ransom for decryption. In recent years there has been a significant increase in the use of this type of malware by cybercriminals, sometimes organized in groups. The evolution of ransomware has seen the adoption of increasingly sophisticated, transparent, and deceptive methods to spread malware and make it more difficult to decrypt files. Let’s analyze together its evolution and how to protect yourself.

What is Ransomware

Ransomware is a type of malware that locks victims’ data or computing devices, threatening to keep them locked unless a ransom is paid to the attacker.

Today’s cybercriminals have greatly increased ransom demands, using methods such as “double extortion,” which involves a payment to unlock data and prevent its theft, and “triple extortion,” which adds the threat of a DDoS attack.

The availability of “Ransomware-as-a-service” solutions and the use of cryptocurrency as a form of untraceable payment have contributed to the exponential growth of Ransomware incidents. The FBI reported a 243 percent increase in the number of reported Ransomware incidents between 2013 and 2020.

Ransom demands vary, with some companies paying as much as $40-80 million to recover their data. However, costs are not just limited to ransomware; according to an IBM report, the average price of a Ransomware attack, excluding ransomware, was $4.62 million.

Ransomware attacks can use a variety of methods to infect devices or networks. The main vectors of Ransomware infection include phishing emails and other social engineering attacks, operating system and software vulnerabilities, credential theft, other malware, and drive-by downloads (i.e., malware that downloads from compromised websites without the user’s knowledge).
In addition, cybercriminals can also use ransomware-as-a-service (RaaS) to exploit already-developed malware code and share the ransom payment with developers.

Each of these vectors poses a cybersecurity threat and requires adequate protection to prevent and manage Ransomware attacks.

What are the various types?

Ransomware can be divided into types: the first, called “crypto-ransomware” which consists of the hostage-taking of user data by encrypting it; the second, called “locker ransomware“, locks the victim’s device entirely.

Both types can be further divided into subcategories such as:

  • Leakware/Doxware, which steals and threatens to publish sensitive data;
  • Mobile ransomware, which targets mobile devices;
  • Wipers/destructive ransomware, which threatens to destroy data if the ransom is not paid;
  • Scareware, which tries to scare users into paying the ransom.

Cybersecurity researchers have identified more than 130 distinct and active families or variants since 2020. Of these, some are particularly notable for their disruption, impact on ransomware development, or current threats.


The evolution of ransomware: cyber criminals strike new areas of business

The first attack was first identified in 1989, but it has only become a significant threat in recent years, with an increase in variants and sophistication of attacks.

Early ransomware was very simple and consisted of a program that locked the computer screen and demanded a small amount of money to unlock it. However, as computing power increased and the Internet became more widespread, cybercriminals began to develop more sophisticated forms.

In recent years there have been several variants of ransomware, such as CryptoLocker, WannaCry, Ryuk, and DarkSide. These attacks have become increasingly sophisticated and dangerous, causing great economic damage. In addition, cybercriminals are using new techniques to spread ransomware and demand higher and higher ransoms.

Intermittent encryption: the last frontier of ransomware

Intermittent encryption is a new evolution of ransomware, an attack technique used by cyber gangs to adapt to the current digital domain.

Cybercriminals take advantage of the opportunities provided by the new environment, caused by the speed and interconnectedness of current technologies that have accelerated human processes.

Ransomware uses encryption to carry out digital extortion. Security experts have analyzed and in some cases hacked the algorithms used in the past, but it is becoming increasingly difficult for victims to recover their data.

Encryption algorithms are not intended to prevent third parties from accessing information, only to inhibit access for some time long enough to cause harm to the victim.

Intermittent encryption is a set of schemes used to shorten encryption time by modifying only portions of files and causing irreparable damage in a short time.

The evolution of ransomware continues to increase its dangerousness. New intermittent encryption techniques make attacks faster and more difficult to thwart. Share on X

How to protect yourself

In conclusion, ransomware is an increasingly present threat to businesses and individuals. It is important to be aware of this threat and take several security measures to protect against this type of attack.

Consequently, first and foremost, it is crucial to have a good culture of cybersecurity. It is important because it helps prevent cyber security attacks through user awareness and education.

To protect our devices and personal information online, we need to be aware of the dangers and take appropriate measures. This includes using secure passwords, keeping our devices up-to-date, and checking the sources of information before clicking on links or opening attachments. It is also important to use a firewall, and antivirus software makes regular backups, and use secure online storage

It is essential to always be prepared and informed in order to protect your data and operations. In this regard, take a look at our report, “Cyber Resilience in Modern Times – Strategies and Insights for Tomorrow’s Leaders“.

Subscribe to our newsletter