Evolution of Ransomware? How Can You be Safe?

The immense growth of the internet and the augmented use of computers have also paved the pathway for the emergence of cyber criminals. By making use of a variety of “malware,” they have raised a ruckus in the lives of people.

Malware is malicious software designed with the intent to damage and disrupt a user’s computer system. Most malware is built to make money from its targets.


Ransomware is the most popular and troublesome malware type which has turned people’s lives topsy-turvy. It has been a dominant threat to different organizations, enterprises as well as individual users.

Once active on the computer system, it locks the system and prevents the user’s access, demanding a ransom payment from the targeted user for regaining access.

Ransomware attacks are cyber threats that are getting more sophisticated with time. Once ransomware infects a system, it encrypts all the user’s files and shows the target instructions for paying the ransom to obtain the decryption key.

In this article, we will discuss how ransomware originated and how it is evolving day by day.

What is ransomware?

Ransomware is malicious software that infects and locks the user’s system, usually by encryption, and demands ransom from the victim to provide the decryption key.

The saddest truth is that even after paying the money, there is no guarantee that the attacker will unlock the files.

Ransomware can spread through pernicious emails, infected external storage devices, malicious software applications, and websites.

Often the attackers display false pop-up messages on the computer screen claiming that the victim might be arrested for certain illegal activities and must pay a “fine” to escape punishment from the government.

While some people immediately identify them as fake and spam, the messages are so tempting and realistic that many people believe them and are trapped.

Cybercriminals engaged in ransomware attacks are continually inventing new techniques to attack. As the number of devices grows, so does the number of such attacks.

The first ransomware attack – Its evolution

While the fame of ransomware attacks has risen since the mid-2000s, the first attack of this kind dates back much earlier. The first known attack was led by Joseph Popp, an AIDS researcher, in the year 1989.

The attack was executed by the distribution of 20,000 floppy disks across 90 countries. The disks claimed to contain a program that would analyze the risk of a person acquiring AIDS based on a questionnaire.

Initially, the malware remained dormant in the computer systems.

It activated after a system was powered on 90 times and showed a message demanding a payment of $378 for a software lease. This ransomware attack is known as the “AIDS Trojan” or PC Cyborg.

Unlike today, when payment is demanded in bitcoin or by credit card, payment was requested through the postal service at that time.

Cybercriminals keep coming up with new ideas, using more and more sophisticated and hard-to-crack encryption algorithms. After the 1989 attack, ransomware began to emerge rapidly from the mid-2000s.

In May 2005, WebSense Security Labs discovered the “Trojan.Gpcoder” family. It is a trojan horse that searched for files with various types of extensions and encoded them.

It encrypted the files and asked the victim for a ransom for their decryption.

In March 2006, “Trojan.Cryzip” appeared. It created a password-protected zip archive and locked all the user’s data in this file. It then demanded a ransom in exchange for the decryption key.

In June 2006, the “Trojan.Archiveus” family was born. It put password protection on the user’s files, thus restricting the user’s access. It then prompted the user to purchase certain things from a website to obtain the password for unlocking the data.

Ransomware attacks have been developing one after another at a rapid pace, and by 2017 many variants had impacted different sectors and raised a ruckus worldwide.

The motive behind ransomware attacks is to generate revenue directly. The top six countries affected by ransomware by 2015 were the U.S.A., the U.K., Japan, Italy, Germany, and Russia.

The most common avenues for these attacks have been misleading applications and fake antivirus scams, leading on to locker and crypto ransomware.

The door to ransomware attacks

Statistics show that about 60% of attacks occurred through misleading applications in the year 2005. These attacks shot up to 90% by 2009.

With passing years, cybercriminals are devising other ways to reach users.

Let us discuss in detail each one of them.

Deceptive applications

Misleading apps were ubiquitous in 2005 and kicked off the digital extortion pattern. They usually targeted Windows computers and sometimes Mac OS X computers too.

They displayed fake computer problems to the users and demanded payment, falsely promising to fix the issues.

Examples of such apps include SpySheriff (a fake spyware removal tool), PerformanceOptimizer and RegistryCare (performance boosting tools), etc.

They asked the user to purchase a license by paying between US$30 and US$90 to resolve the problems. In reality, none of them fixed anything despite taking the money.

Fake Antivirus (AV)

Fake AV became famous between 2008 and 2009 and branched off from the misleading apps. It led users to believe that their devices had been infected with malware and that they must pay for the relevant software licenses to get rid of it.

These programs mimicked legitimate software and performed fake scans. They kept telling the users about multiple threats on the system, whereas in reality there was no such thing. They demanded a fee between US$40 and US$100 to fix all the issues.

But this did not work out, as most users either ignored the warnings or uninstalled the software. Thus, the cybercriminals suffered a setback in their earnings.

Locker ransomware

As people became aware of fake apps and AV scams, cybercriminals started working out newer plans to destroy and disrupt services and to continue their fraudulent income.

They came up with the idea of locking the computer and thereby disabling the user’s access to it. This is called locker ransomware.

Locker ransomware creators use social engineering techniques to persuade users to pay. Earlier, they posed as a helpful tool, displaying messages that offered to fix issues in exchange for money.

With time, they started boldly and directly asking for money in exchange for restoring access.

Though it became popular in 2011-2012, the first of its kind appeared in 2008 as “Trojan.Randsom.C”. It tricked users through a Windows Security Center message, instructing them to call a premium-rate phone number to renew the subscription for their security software.

The moment the user initiated the call, the computer was locked against further access. Locker ransomware attackers generally misuse law enforcement and authoritative texts to convince the user.

Locker ransomware demands US$200 on average. The attackers ask for payment through money payment vouchers.

Crypto ransomware

Most locker ransomware could be removed by using tools like Norton Power Eraser and SymHelp. This led to a dip in the attackers’ revenue, and they again went on to explore something new.

This time, they came up with crypto ransomware, which has been an infamous and dangerous threat ever since 2013. It typically displays an extortion message demanding a lump sum from the affected users to have their files decrypted.

Crypto ransomware has become more powerful with the use of stronger encryption algorithms (both symmetric and asymmetric). These ensure that, once encrypted, the files cannot be unlocked without the proper decryption key.

Crypto ransomware demands US$300 on average as ransom. However, the demand may vary from place to place. The attackers prefer payment in bitcoin to keep their identity from being revealed.

Some noted attacks are CryptoLocker (2013), CryptoWall (2014), TorrentLocker (2016), Locky (2016), Petya (2016) and WannaCry (2017).

How to stop the evolution of ransomware?

The evolution of ransomware cannot be stopped, because it is a never-ending quest to explore and discover techniques for harming different systems.

After devising one technique and using it at its peak for three to four years, the attackers change their approach and turn their attention to a different malware or method.

Of the different types of ransomware attack, crypto ransomware is the most popular so far. What the next step will be is uncertain, but it is certain that once this reaches its climax, something new will emerge.

Though it is hard to predict malware attacks, there are always some precautionary measures you can take to reduce the risk.


How to reduce the chances of being attacked by ransomware?

There are several ways in which you can stay alert and safeguard yourself and your data from ransomware.

  • Install well-known, trustworthy anti-virus and anti-malware software and keep it updated.
  • Do not click on any attachments or links in emails from unknown senders. Avoid clicking anything that shows up in pop-up windows while browsing.
  • Malware developers can write code that helps their malware evade detection by primary anti-malware scanners. For that reason, install a second-opinion malware scanner to strengthen defense and detection in such cases.
  • Maintain a solid backup of all your data.
  • Use strong passwords.


It is nearly impossible to retrieve your data once it is locked away by a ransomware attack. The chances of standing tall through the attacks and coming out safely are analogous to Darwin’s theory of “Survival of the Fittest.”

Ransomware is developing into new forms each day and is an ever-increasing threat worldwide. As technology advances, the scope of such attacks also keeps growing. These attacks are continually changing their patterns and hence are impossible to stop.

Ransomware can cause severe damage, from the individual level to the organizational level. Along with immense losses of data, there is a chance of losing a huge amount of money and gaining nothing in return.

Coping with ransomware attacks and incorporating countermeasures is a serious challenge for all developers and designers. What you can do on your part is follow the precautionary measures discussed earlier in this article, stay alert, and tighten the security of your systems.

