The Evolution of Ransomware: Trends and Defense Strategies

Ransomware remains an ongoing cybercrime problem. In a recent report titled Ransomware: we noted research by Cybersecurity Ventures estimating that a ransomware attack occurs once every eleven seconds. Put differently, that is equivalent to three million ransomware attacks per year.

Let that sink in. That figure is not the number of files encrypted or companies compromised; it is 3 million unique ransomware attacks on organizations.

Chicago businesses are no different from others. They too are experiencing a heavy load of ransomware attacks, and the only solution is to seek assistance from popular local cyber security Chicago services. These experts are well-equipped to provide invaluable guidance on safeguarding against such attacks.

Where Did Ransomware Begin?

On 23 December 1989, Joseph L. Popp, an evolutionary biologist, carried out the first ransomware attack in history. The internet that existed back then was outdated by today's standards, and the attack worked through an infected computer disk.

Popp distributed 20,000 contaminated disks among the participants of the international AIDS forum. The disk was labeled “Introductory Risk Disks for AIDS Information”. Disguised as a survey questionnaire to help users compute their risk of contracting HIV/AIDS, the disk was surreptitiously infected with ransomware known as AIDS.

After ninety reboots, unsuspecting victims found themselves facing a $189 ransom demand. Eventually, the payments were traced to the Panama post office box to which Popp had requested they be sent. Surprisingly, although he was caught, he was never prosecuted.

Since then, many thousands of ransomware attacks have been committed against individuals, small businesses and even massive enterprises around the world. Initially, ransomware attacks were quite primitive, but over time they have evolved into highly sophisticated and almost impossible-to-trace operations. Ransomware will remain with us thanks to its high profitability.

The Ransomware Market and Ransomware Groups

Traditional attackers, who once made their business simply by encrypting data, are now shifting to data exfiltration. There are two common ways in which attackers can profit from stolen information. In the first, an extortionist sends out a threat that states: “I have stolen your customer list and sent it to my system. Give me $200,000 or I will make it public.” Another method is to market the exfiltrated.

Since its introduction in 2019, the double-extortion attack has emerged as arguably the biggest trend.

Notorious ransomware groups such as REvil and Conti simply change their names to dodge the limelight. KrebsOnSecurity said that in the business of cybercrime, “Reinvention is a basic survival tool … In the oldest trick from the book one fakes his death or ‘retires’ to invent a new identity.” One of the main purposes of such deception is to make investigators lose track or to divert them elsewhere for a short while.

The offensive landscape is evolving as rapidly as the defensive one. Ransomware groups develop new toolkits as our systems implement more controls and extra detections.

Naturally, newer and less experienced ransomware organizations are also sprouting up every day. Unlike the older groups, which always worked at the cutting edge in an attempt to stay ahead of defenders, many recent groups rely on pre-made exploit kits and ransomware builders. They may get these tools in one of two ways, often through defenders who go after bigger ransomware gangs, break in and leak their code to discredit them. Lower-skilled groups can then use these tools to emulate the more sophisticated groups.

Ransomware Defense Strategies for 2023

Recruitment by ransomware groups is not slowing down. These groups continue to recruit new developers and pen testers as they try to remain relevant in a dynamic defence environment.

There are several ways to build defences against ransomware attacks and reduce associated risks.

Never click on unsafe links: Never click on any link in spam mail or on unfamiliar sites. Clicking a malicious link can start an automated download that infects your computer.

Avoid disclosing personal information: Don’t respond to a call, text message or email that asks for personal data and comes from a source that is not trustworthy. Cybercriminals may try to collect your personal details in order to make their messages more personal, and those tailored messages then serve the ransomware attack. If you are unsure about a message, contact the sender directly.

Do not open suspicious email attachments: Ransomware can also reach you through email attachments. Do not open any suspicious-looking attachments. Inspect the sender as well as the mailing address to confirm that the message is legitimate before trusting it. Do not open attachments that require you to run macros to view them. Opening an infected attachment will run a malicious macro, giving malware control of your computer.

Never use unknown USB sticks: Do not attach USB sticks or any other storage media to your computer if their origin is unknown. Cybercriminals may have infected the storage medium and left it in a convenient public place for someone to pick up and use.

Make sure you keep your OS up-to-date: Updating programs as well as operating systems makes you less vulnerable to malware attacks. Whenever you update, ensure that you receive the latest security patches. This makes it more difficult for cybercrooks to exploit weaknesses in your programs.


Ransomware has existed for decades, and it’s no wonder that it remains one of the most common types of cyberattack. It is profitable for every member of the cybercrime supply chain, from initial access brokers and exploit kit developers to the ultimate ransomware actors themselves. In short, ransomware is a lot more than extortion alone. It’s an entire industry.

Detecting and responding to ransomware before the attacker has a significant foothold in your domain is possible when you keep up with the latest trends, practice a preventative approach, and choose the proper security operations platform.
