Understanding Ransomware as a Service and Its Risks

The Birth of Ransomware: The PC Cyborg Virus

In December 1989, an evolutionary biologist named Dr. Joseph Popp sent out a floppy disk to around 20,000 people, marking the beginning of what would become the first known ransomware virus in history. The recipients of this disk were attendees at a World Health Organization conference in Stockholm, Sweden. Upon inserting the disk into their computers, they were greeted with a message demanding $189 be sent to a PO Box in Panama.

While the virus — later referred to as the PC Cyborg Virus — was successful in some ways, prompting financial payouts and causing significant data loss, two factors contributed to its relatively short-lived impact. First, the virus itself was fairly simple. Dr. Popp used symmetric cryptography, a method of encryption that relies on a single key for both encrypting and decrypting data. This weakness allowed several users to easily reverse the damage. Second, the lack of anonymity in the payment process led to Dr. Popp’s eventual arrest, which ultimately ended the short reign of the PC Cyborg Virus.

The Evolution of Ransomware as a Service (RaaS)

Fast-forward to 2024, and we’ve moved far beyond floppy disks and simple encryption techniques. Ransomware as a Service (RaaS) has entered the chat. These groups now operate under hierarchical structures similar to traditional corporate models, complete with CEOs, sales teams, and R&D departments — all supported by cryptocurrency to keep the dark web economy running. This new business model, which makes ransomware attacks accessible to anyone with a computer and a questionable ethical stance, has been around since roughly 2016 and became the norm by 2019.

According to an article in Cybercrime Magazine, ransomware is projected to cost its victims nearly $265 billion annually by 2031. When calculating the total cost of a ransomware attack, it’s important to factor in more than just the ransom payments. Expenses like employee downtime, loss of revenue, and reputational damage also play a significant role in the overall financial toll.

The Financial Impact of Ransomware Attacks

The largest known ransomware payment to date was made by an unnamed victim to a group known as the Dark Angels, according to Infosecurity Magazine. The payout was a staggering $75 million. Unlike many cybercriminal organizations, the Dark Angels typically target a single organization at a time. However, this figure doesn’t account for the billions lost due to other impacts, such as downtime and reputational harm.

How Ransomware as a Service Operates

What sets RaaS apart from traditional ransomware is how these organizations operate. In a white paper published by Bitdefender, The Gig Economy Behind Ransomware, RaaS is compared to a typical e-commerce business. These organizations are structured with clear hierarchies. Operators develop the ransomware software and maintain the infrastructure, while affiliates recruit on dark web forums to carry out attacks. The entire system resembles a business operation, with specialists conducting interviews, and even user reviews akin to those on Yelp, which rate vendors and affiliates on trust, success rates, and more.

If the highly organized nature of these “misfortune 500” companies isn’t troubling enough, the international cooperation between cybercriminals adds another layer of complexity. These groups work together across borders, making it difficult for law enforcement to navigate through varying national laws.

Ransomware’s Paradoxical “Ethical” Stance

Another intriguing aspect of the RaaS model is the unusual customer-service approach these cybercriminal organizations adopt. Not only do they recruit top-tier engineers to create sophisticated ransomware tools and professional websites, but they also appear to operate with a peculiar sense of ethical restraint. The infamous DarkSide hacker group, responsible for the Colonial Pipeline attack, publicly stated that they avoid targeting certain sectors. They claim to steer clear of industries like healthcare, education, and government, presumably to avoid negative societal consequences.

Despite the seemingly paradoxical “ethical” stance of these groups, they remain criminal enterprises that exploit businesses and individuals who struggle to keep pace with the evolving nature of ransomware. For every patch or hotfix deployed, a new variant emerges, waiting to infiltrate systems. While this might seem overwhelming, there are steps you can take to protect what is most critical to your business: your data.

Backup Strategies to Protect Against Ransomware

One of the most important things you can do is to back up your data. Of course, any hacker worth their weight in Bitcoin already knows about backups and how to look for them during an attack. That’s why it’s critical to be strategic about your backup plan. Following the 3-2-1 rule is a great place to start. This means having three copies of your data on two different types of media, with one copy off-site or offline (air-gapped). An example of this would be your production environment with a local backup on disk and a backup copy job in an immutable cloud or on tape.

Another important part of this strategy is the implementation of your backup infrastructure. A very common ransomware tactic is to get credentials to your backup server and then just delete all the backups entirely. Having your backup server on the production domain makes this process a lot easier. That is why you should put your backup components on a separate domain with a one-way trust or, for smaller environments, simply use a workgroup.

Keeping your backup components separated from a permissions perspective is a great first step. Keeping those components in separate networks can help prevent ransomware from spreading through your environment as well. Different permissions, different networks and different physical locations are all great strategies for ensuring a recovery after a ransomware attack.
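The 3-2-1 rule and the separation advice above can be checked mechanically against an inventory of where your data lives. The following is an added example, not code from the original post or from any Veeam product; the record fields, finding codes, and the sample domain, workgroup and network names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataCopy:
    name: str
    role: str                   # "production" or "backup"
    media: str                  # "disk", "tape", "object-storage", ...
    offsite: bool               # kept at a different physical location
    offline_or_immutable: bool  # air-gapped tape or immutable storage
    auth_domain: str            # domain or workgroup whose credentials manage it
    network: str                # network segment it lives on

def audit_321(copies, prod_domain, prod_network):
    """Return finding codes; an empty list means every check passed."""
    findings = []
    backups = [c for c in copies if c.role == "backup"]
    if len(copies) < 3:                          # 3 copies, production included
        findings.append("COPIES<3")
    if len({c.media for c in copies}) < 2:       # 2 different media types
        findings.append("MEDIA<2")
    if not any(c.offsite or c.offline_or_immutable for c in backups):
        findings.append("NO_OFFSITE_OR_OFFLINE")  # 1 off-site or offline copy
    for c in backups:
        # Stolen production credentials must not be able to delete backups.
        if c.auth_domain.lower() == prod_domain.lower():
            findings.append(f"SHARED_DOMAIN:{c.name}")
        # A backup on the production network is reachable by anything
        # spreading through that network.
        if c.network == prod_network:
            findings.append(f"SHARED_NETWORK:{c.name}")
    return findings

# Constructed sample inventories (hypothetical names throughout).
PROD = DataCopy("prod-vms", "production", "disk", False, False,
                "corp.example", "prod-lan")
WEAK = [PROD,
        DataCopy("local-repo", "backup", "disk", False, False,
                 "corp.example", "prod-lan")]
HARDENED = [PROD,
            DataCopy("local-repo", "backup", "disk", False, False,
                     "BACKUP-WG", "backup-vlan"),
            DataCopy("cloud-copy", "backup", "object-storage", True, True,
                     "cloud-tenant", "cloud")]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_321(inv, "corp.example", "prod-lan") or "OK")
```
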

Cybersecurity Best Practices for Mitigating Ransomware

While backups are critical in the fight against ransomware, there are some proactive steps you can take as well to mitigate the chance of a ransomware attack being successful in the first place. While some may seem like common sense, these things are often overlooked in our busy day-to-day schedules.

Things like rotating your passwords often, using different passwords and keeping all systems and software up to date are easy yet effective ways to guard against malicious attempts at stealing your data.

Being smart about email is another aspect of ransomware mitigation. Email phishing attacks are still the leading cause of malware infections. Be careful about clicking on links, downloading attachments and responding to emails with sensitive information. Even when the email appears to be from someone like your boss or CEO, you should be extra cautious and remember that social engineering is just another way in which users are exploited for sensitive information.

The Ongoing Threat of Ransomware as a Service

Ransomware as a Service is a prevalent threat in our increasingly digital world. From personal finances and identity theft to the exploitation of major government entities, ransomware has become inextricably tied to technology, evolving alongside it. Both Ransomware as a Service and ransomware itself continue to innovate, finding new ways to target victims and operate from the shadows.

While the sophistication of these criminal enterprises grows, ransomware still requires a weak link to infiltrate. By adopting the 3-2-1 backup strategy, implementing cybersecurity best practices, and applying a healthy dose of common sense, we can significantly reduce vulnerabilities. In a fast-paced online world, perhaps the best defense is to slow down — to stop and think before acting, to check and double-check. Amid the complexities of the digital landscape, simplicity and intentionality may be the key to staying safe and doing the next right thing.

The post Understanding Ransomware as a Service and Its Risks appeared first on Veeam Software Official Blog.

from Veeam Software Official Blog https://ift.tt/RpL68go
