The Evolution Of Ran$omware

A PROFITABLE ORGANIZED CRIME

Despite its brief spurt of fame, the effects of WannaCry ransomware had certainly left its mark. According to McAfee Labs’s estimates from mid-May 2017, the ransomware struck over 10,000 organizations, and 200,000 individuals across 150 countries, collecting at least US$145,168.96 in just 20 days. It’s not like any organized crime we’ve known, since cartels and black markets take decades to consolidate its influence and profits. In fact, ransomware has a relatively short history compared to regular malware, such as viruses, trojans, and adware.

The earliest instances of ransomware were first spotted in Russia as early as 2005. Their encryption methods were primitive, in comparison to modern strains like CryptoLocker and WannaCry. A 2006 ransomware called TROJ_CRYZIP.A zipped particular file types (.doc, .xls, .jpg, etc.) with password protection, and demanded US$300 in ransom via a simple .txt file.

It was only after 2012 when ransomware started actively targeting other territories, such as Europe and North America. One of the more memorable examples was Reveton, which uses location tracking to display a fake enforcement agency notification that’s relevant to the victims. For example, a U.S.-based user would get a fake FBI notification about their alleged “illegal activities” online. Folks in France would see the same message in French, while it spoofed the Gendarmerie Nationale emblem instead. According to cybersecurity blog Malwarebytes Lab, this variant still persisted in March 2016, and further improvements allow it to target macOS users. It also included a wider panel of impersonated authorities, such as the Royal Canadian Mounted Police and Europol.