Things You Should Know But Don’t: Ransomware 2.0

Posted June 21, 2021

Ransomware has been around for a long time. The first case originates in the late 80s with something called the AIDS Trojan– a simple floppy disk was sent to the WHO AIDS Conference in 1989. When the software it contained was opened, it demanded either a monthly payment of $189 or a lifetime payment of $378 to decrypt the files it contained. It was an easy attack to circumvent, in the end, and asked very little of the end users. Since then, ransomware has changed a lot- both in its tactics and its scope.

Up until the mid-2010s, ransomware was focused on mostly attacking individuals. Once the attacks on corporations began, however, the damages in money and affected people increased to unimaginable levels. In 2017, the largest attack to date happened in South Korea, when web host Nayana paid 1 million to the hackers who infested their computers with a virus called Erebus. It was clear back then that the landscape around ransomware was only going to get worse. In fact, the South Korean attack was far outdone by the recent Colonial Pipeline hack in May, which originally cost the company 4.4 million USD in bitcoin.

In 2020, we started to see the increase of something called Ransomware 2.0. Previous methods of ransomware have simply locked users out of their systems indefinitely until they pay. This meant that if the victims did not comply, the data was simply lost to them forever, so long as it remained encrypted. Ransomware 2.0 involves the hackers stealing and copying the data first and then encrypting it. Once the hackers have the data, they’re able to threaten to leak it to the public. This is an especially scary concept when applied to corporations, as it has been for the past years. Companies now have extra pressure on them to pay so that their users don’t lose faith in their security and end up hurt from the leaks. It is no longer just a loss of access to data, but a complete loss of privacy for that data. Unfortunately, that leaves end-users, and not the companies themselves, as the real victims of the breach. For instance, in December 2020, a cosmetic surgery group called The Hospital Group had patient data stolen which led to a leak of patient’s personal data, including photographs. In this case, it seems that personal data such as payment information wasn’t collected, but the intent to try and destroy the medical group’s reputation by humiliating and outraging its customer base is clear. Ransomware groups work on the assumption that corporations would often prefer to pay the money than deal with the fallout of data leaks, which can also be extremely costly. However, it is still discouraged to pay these hackers when the attacks happen- after all, if the tactics work, they will continue.

Protecting your data on personal devices is already a difficult task, but trying to control how companies protect your data is impossible. Companies strive to earn trust from their consumers, especially in cases where they commonly handle sensitive information. In retrospect, it seems like a natural evolution of ransomware to move from a lockdown situation to a hostage situation, with you as the unwitting victim. What’s in store for ransomware next? It’s unclear, but as long as Ransomware 2.0 continues to yield results, it may remain static for the next few years.

Leave a Reply

Your email address will not be published. Required fields are marked *