Uncovering Aggressive Methods Used by Ransomware Operators to Disrupt Reputation of Victims

  • The first instance of ransomware was observed in December 1989.
  • Tracked as AIDS trojan, the ransomware was introduced to the world after it infected 20,000 floppy disks.

Ransomware has been one of the most prolific cyber threats in recent years, and the menace it poses is unlikely to stop any time soon.

The first ransomware attack
The first instance of ransomware was observed in December 1989. Tracked as AIDS trojan, the ransomware was introduced to the world after it infected 20,000 floppy disks of delegates who had attended the World Health Organization’s AIDS conference in Stockholm.

The disk contained malicious code that hid file directories, locked file names, and demanded that victims send a ransom of $189 to a PO Box in Panama.

Enhanced with a more destructive nature
Almost two decades later, ransomware emerged to be much more powerful. In 2006, the malware assumed the name Archiveus and carried out sophisticated attacks on PCs across the globe. Archiveus encrypted all files in the ‘My Documents’ folder and instructed victims to make purchases on specific websites if they wanted to receive the decryption password.

The arrival of Bitcoin in 2008 added more fuel to a string of ransomware attacks. Ransomware going by monikers including GPcode, Krotten, Cryzip, and many others changed the way attacks were carried out to extort people and generate revenue.

By 2016, ransomware-as-a-service had become common, enabling many organized cybercriminals to target businesses and public sector organizations.

Operators become more proactive
Today, decryption keys are available for several notorious ransomware families. Also, with the recent ‘No More Ransom’ project, organizations have started backing off from paying ransoms to ransomware authors. This has led ransomware operators to devise a new ‘Naming-and-Shaming’ method.

Initiated by Maze ransomware operators, this new technique involves publishing the names of victim organizations, along with the data stolen from them, on the operators’ websites. The operators plan to take up this tactic when a victim refuses to pay the ransom.

DoppelPaymer, Sodinokibi, and Nemty are some of the other ransomware families that have started to fall in line with Maze ransomware. DoppelPaymer has launched a website named ‘Doppel Leaks’ to name and shame its victims.

Conclusion
Ransomware has become more problematic than ever, and the issue will continue into 2020. If organizations secure their networks and ensure there are backups available, then they don’t have to pay the ransom. And if people aren’t paying ransoms, cybercriminals will stop seeing ransomware as a lucrative weapon.