June 01, 2017
The History of Ransomware
As you may know, Ransomware has been hitting the headlines for many years. However, with the recent outbreak of WannaCry, it would seem as though Ransomware is now infecting more computer systems than ever before.
WannaCry infected over 200,000 computers in over 150 different countries across the globe, including the NHS.
The stories doing the rounds and the responses from politicians show a real lack of understanding about the problem and how it could have been prevented.
Simply throwing more money at this wouldn’t have solved the problem; it is years of bad management that have enabled this outbreak, and many others like it, to continuously cause chaos.
Politicians are saying it’s a disgrace that the NHS is being held to ransom, suggesting that this wave of malware targeted them specifically - this was not the case. It was targeting unsecured, out-of-date systems, and the NHS has more than its fair share of those.
But how did we get here?
Computer viruses pre-date the internet as we know it; in fact, they pre-date the microcomputer. The first virus that appeared on a desktop computer was Elk Cloner, which appeared on the Apple II in 1981. It’s a dubious honour, but someone has to be first.
At this time the term "computer virus" hadn’t been coined; that came along in 1983.
Another famous piece of malware, and the grandfather of ransomware, was the AIDS Trojan, which first appeared in 1989. This software was distributed on floppy disk under the pretence of being a valid program, but after 99 reboots the system would lock access to the data until you paid the ransom. Sound familiar?
The problem for the early pioneers of Ransomware was payment. In the case of the AIDS Trojan, you had to send a cheque to Panama. Needless to say, the bad guys were soon caught.
Fast forward to 2012. This is when the so-called Police Trojans appeared. They demanded a ransom, usually telling you they had found some dubious internet activity on your PC and were going to report you to the police/FBI, when they had no intention of doing so. What is interesting, though, is that these variants locked access to the whole computer. The data was intact; you just couldn’t get to it.
If the grandfather of ransomware is the AIDS Trojan, then the game changer is CryptoLocker. It’s almost become a generic phrase for Ransomware.
It was the first major variant to use Bitcoin and the first to use state-of-the-art encryption. Unlike the Police Trojans, it signified that the bad guys were getting serious.
So, here we are in 2017 and the latest variants are causing chaos. They are able to succeed because of vulnerabilities in computer operating systems. These are usually known about beforehand, but if systems aren’t updated, the hackers see them as a way in.
It’s also far simpler to do now: creating a Ransomware “business” doesn’t take the in-depth computing knowledge that it did back in 1981. The whole thing can be taken “as a service” from the Dark Web. There are more than enough vulnerabilities you can buy access to and then use an army of infected machines to spread your evil software.
What is the answer? Well, at Datto we don’t believe there is a single answer. We would suggest you add as many security layers as possible: firewall, DNS, content filtering, email filtering, ad blocking, patch management, anti-virus, etc.
But we tell our partners to assume the worst. From time to time threats get through, and when that happens only a Business Continuity solution like Datto can turn back the clock to before the infection happened.
Let’s hope that this is finally the wake-up call and that companies (and health service providers) put systems in place to ensure that when this happens again it doesn’t cause any disruption.
It’s the way we will win the war on Ransomware.