At the World Health Organization’s AIDS conference in 1989, the materials attendees received included a disk labeled “AIDS Information – Introductory Diskette.” Distributed by Harvard-trained biologist Dr. Joseph L. Popp, it contained a program for analyzing a person’s risk of getting AIDS.
But the doctor included something extra on the unassuming floppy.
It transferred a hidden program to the computer’s hard drive. After 90 reboots, the malicious code scrambled and encrypted the files. To the unsuspecting user, it was like a hard drive crash. The difference was it displayed a message with instructions to mail $189 to a PO box in Panama, and they would receive the antidote to restore the data.
This digital version of the Trojan horse was the birth of ransomware.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Just like a kidnapper holds a victim hostage until a ransom is paid, ransomware does the same with data.
To a computer, your files are just a string of numbers stored on an electronic medium, usually a hard drive. The operating system scans these numbers and converts them to something human-readable. Those jpeg images of that incredible vacation may spark beautiful memories. But to your PC, it’s just a bunch of ones and zeroes following the rules of the jpeg standard.
A ransomware trojan runs these files through encryption routines that convert them to gibberish. A virtual key locks the encryption. After a ransomware attack, when your computer tries to display those vacation pics, it has no idea what to do. But if you have the key, your files can be restored.
To get the unique digital key, you’ll have to pay the ransom. The ransomware distributor provides instructions on how to pay, usually with digital currency like Bitcoin.
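The idea above, seen from the defender's side, as an added example that is not part of the original article: a healthy JPEG, PNG, or PDF starts with fixed signature bytes, so a file whose signature is gone and whose content looks random is a candidate for having been encrypted. The function names, the 7.5 threshold, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Signature ("magic") bytes that a healthy file of each type starts with.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted or compressed data, low for repetitive data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'ok', 'suspect' (signature gone, content looks random), 'damaged' or 'unknown'."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    signature = MAGIC.get(ext)
    if signature is None:
        return "unknown"
    if data.startswith(signature):
        return "ok"
    # Entropy is checked only after the signature fails: a healthy JPEG is also high entropy.
    return "suspect" if shannon_entropy(data) >= threshold else "damaged"

def pseudo_random(n_blocks: int) -> bytes:
    """Constructed stand-in for random-looking content (hash output; no real files involved)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))

# Constructed samples, not real files.
SAMPLES = {
    "vacation.jpg": b"\xff\xd8\xff\xe0" + pseudo_random(64),  # JPEG signature, compressed-looking body
    "beach.jpg": pseudo_random(64),                           # signature gone, body looks random
    "report.pdf": b"\x00" * 2048,                             # signature gone, body is all zeroes
}

def scan(samples: dict) -> dict:
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict} (entropy {shannon_entropy(SAMPLES[name]):.2f} bits/byte)")
```

The intact sample scores just as high on entropy as the suspect one, which is why the signature check comes first and entropy only separates random-looking content from ordinary damage.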
The Ransomware Explosion
May 7, 2021, started like any other day for employees in the Colonial Pipeline control room. But around 5 am, a computer screen displayed a message stating that the data in the system had been encrypted. It included instructions on how to pay for the key to unlock the data.
By 6:10 am, the entire pipeline was shut down, restricting oil distribution across the entire southeastern US. Gas prices spiked, escalating this to a high-profile ransomware attack.
But the Colonial Pipeline ransomware attack was not an isolated incident.
According to the US Justice Department, 2020 was “the worst year to date for ransomware attacks.” Experts predict these attacks will continue to grow. The ease of ransomware distribution and profitability make the lure almost irresistible to online criminals. Add to the mix untraceable digital currency as the preferred method of payment. From a purely capitalist perspective, it’s a diabolical money-making machine.
The online irony is that ransomware creators tap into the same technology that protects your passwords or allows you to do online banking securely. And they take advantage of internet business models such as Software as a Service (SaaS) to distribute the pain.
What is Ransomware as a Service (RaaS)?
The only way Dr. Popp could spread his malware was on infected floppy diskettes. In the pre-internet era, this was how all software was distributed. When Lotus released a new version of its spreadsheet, the disks arrived in cool packaging at your favorite software shop.
But with the hyper interconnectivity of the WWW, developers found it more economical to host the software on servers that users would access via the internet. So Software as a Service (SaaS) became the new normal.
SaaS is so common that most don’t realize how much it is part of life in an online world. Dropbox, G Suite (Gmail), and Netflix are almost household names and are also SaaS.
Ransomware as a Service (RaaS) adapts the SaaS model to the development and distribution of ransomware. Bad actors with little tech expertise can purchase established malicious code and focus on spreading it around and collecting the bounty. They share the profits with the developers.
And there is plenty of profit to share. Ransomware revenues were around $20 billion in 2020, up from $11.5 billion the previous year.
Antidote to Ransomware
Here are some things you can do to avoid being a digital victim of a ransomware attack.
- Use different passwords
- Set up 2-factor authentication if available
- Avoid email phishing scams
- Keep your PC updated
- Use anti-malware software
- Have a backup plan
If you do get infected, DO NOT pay the ransom. These are criminals and there’s no guarantee they will release your data. Contact TecAdvocates to review your options.