BotNet News

Ransomware is a malicious software that holds files hostage, usually by encrypting them. The attacker then demands a fee to decrypt the encrypted files or return them. Historically, ransomware was used to extort money from unsuspecting users but in recent years it has been increasingly used as a tool for cryptominers, who need computing power to generate cryptocurrencies.

The first ransomware threat emerged in the 1980s when a Harvard-trained evolutionary biologist named Joseph L. Popp distributed AIDS Trojans on diskettes to attendees at an international AIDS conference. The code hid file directories and demanded $189 to unlock them, but it wasn’t until the 2000s when ransomware really came into its own. During this time, early variants such as PC Cyborg and GpCode made their way to the masses.

By the end of the decade, ransomware had become a staple of cybercriminals’ arsenals. Initially, attacks targeted individual computers but in the early 2010s ransomware became more sophisticated and targeted organizations.

Using social engineering to trick victims into downloading or opening phishing emails, malware like Reveton and NotPetya entered systems to install ransomware. Once inside, these types of attacks were able to take over the entire computer and encrypt data and files.

With the popularity of ransomware on the rise, security experts and law enforcement are continuing to fight back. In May 2023, CISA, the FBI and MS-ISAC released the #StopRansomware Guide, a helpful addendum to an organization’s cyber incident response plan that outlines key steps to reduce risk, including isolating infected aspects of a system, powering down components and identifying the source.