The History of Ransomware
Ransomware attacks have posed a considerable threat to individuals and organizations alike since the mid- 2000s. However, the first attack actually occurred much earlier, in 1989. Since then, attacks have gotten much more sophisticated and prevalent. Let’s take a look at how ransomware has evolved over the years, how it attacks and who it targets, and what the future of ransomware looks like.
What is Ransomware?

Ransomware is a type of software that gains illegal access to secure files, systems or devices, then blocks legitimate users’ access. In order to regain access to the contents being hostaged, victims need to pay a ransom. This grants them access to the decryption key. Unfortunately, as some victims have discovered, paying the ransom does not always ensure that their access is unlocked. Some experts estimate that this happens as often as 25% of the time.
The First Attack
In true 80’s style, the first ransomware attack was perpetrated via floppy discs. An AIDS researcher distributed 20,000 floppy drives to other researchers all around the world, telling them the disc contained a questionnaire to determine if a patient had AIDS. However, unbeknownst to them, the drive also contained a program that initially remained dormant, and then after a pre
-determined number of shut-downs and reboots, would hold the computer and its files hostage until the user paid a “licensing fee” of $378.
The Evolution
Things have dramatically changed since that rudimentary early attack, but it did pave the way for future attacks. Early cybercriminals typically wrote their own programs, but today, we’re seeing a shift towards pre-made, “ready-to-attack” products that are made and distributed by others. This results in more sophisticated attacks, with harder to crack (sometimes impossible) encryptions. This has also opened the door to ransomware as a service, whereby cybercriminals will develop the ransomware software and license it for a fee (usually a percentage of the ransom that is acquired).
Who is at Risk?
Ultimately, everyone is at risk of an attack, however the truly sophisticated and targeted attacks are generally reserved for bigger targets. This means that while the average person may get a very generic phishing email, a larger target (perhaps an employee within a corporation or public sector organization) will receive a spear phishing email. These emails tend to be believable and personalized to include “insider information.” For example: “Hello David, we were contacted by your purchasing director, Miranda Cole, to confirm your upcoming order. Please see the attached invoice.” The goal is to lull users into a false sense of security so that they are more likely to click on links or open attachments without suspicion.
Looking Forwards
Going ahead, we can expect to see more attacks and larger ransom demands. Although many victims are successfully avoiding paying ransoms through the meticulous preparation of external back-ups, it only takes a small percentage of successful payouts to continue incentivizing and encouraging cybercriminals . The lesson here is that the best defense against ransomware attacks is education among all staff members, and frequent, tested, backups.
This article was published in the
July 2020
edition of The TMC Advisor
- ISSN 2369-663X Volume:7 Issue:5
©2020 TMC Consulting