The first ransomware appeared in 1980 and it's still on the rise. Why?

Ransomware attacks have increased. Cases in which hackers hijack information from companies and demand a ransom payment to return it, often extorting entrepreneurs with threats of data exposure. Part of the growth is explained by the pandemic. Since January of this year, attacks have increased almost fourfold in Brazil.

The media and qualified media have started to comment more on the subject. However, this security problem is not new.

The first references to attacks appeared in the mid-1980s. One of the first ransomwares was a DOS virus called Casino which, every April 15th, copied data from RAM and the FAT file system, and erased the entire contents of the hard drive. The user did not receive a ransom note. Instead, Casino displayed a slot machine-style game on the screen, with the message that the data would only be recovered if the victim managed to score points.

In the 1990s, another ransomware, known as PC Cyborg, began to be distributed via floppy disks. It encrypted the C:\ drive and demanded payment in cash. In practice, what PC Cyborg did was just rewrite the autoexec.bat system file, hide folders and encrypt the file names on the C:\ drive.

In 2005, the first modern pests appeared: Krotten, Cryzip and MayArchive. These, in fact, used RSA encryption to block data. They also demanded ransom payments.

And before I go on with the timeline, it's important to say that, just like biological viruses, computer viruses evolve over time, giving rise to different variants. As a result, they become more complex and difficult to combat, gaining greater power to devastate.

So it was with ransomware. And the whole world has felt the impact of this evolution.

On May 12, 2017, the virus carried out the biggest cyberattack in history. A ransomware known as WannaCry claimed more than 200,000 victims in 250 countries. And it affected all sectors of the economy. How did it get so far? The creator of this variation, as well as using the modus operandi of ransomware, combined characteristics of another group of viruses known as worms, which have the ability to spread automatically through computer networks, even the internet, exploiting computer vulnerabilities. In other words, the perfect scenario for a massive and rapid contagion.

A virus that can multiply and hijack user data has given rise to a new category of ransomware, known as worm ransomware.

But if this family of viruses has been around for so long, why has it only become so widespread in recent years?

The reason is simple. In decades gone by, the internet wasn't as developed, which restricted the virus' path to archaic vectors such as floppy disks and USB sticks. It's as if a car with a good engine only found bad roads to drive on, which changed its performance. Today, the Internet is equivalent to a highway that, in addition to having the best asphalt, shortens the journey because it is also a shortcut.

To learn more about how ransomware works and how to protect yourself, our e-book "Understanding the Enemy - A quick guide to ransomware, data hijacking, and why companies are at risk" is available free of charge. Just click on this link.

Leave a comment

Your e-mail address will not be published. Required fields are marked with *