Ransomware has been the most pervasive cyber threat since 2005. According to publicly available information, ransomware infections have outnumbered data breaches 7,694 to 6,013 over the past 11 years.
Over the years, two distinct varieties of ransomware have remained consistent: crypto-based and locker-based. Crypto-ransomware variants actually encrypt files, folders, hard drives, etc., whereas locker-ransomware only locks users out of their devices and is most often seen in Android-based ransomware.
New-age ransomware combines advanced distribution efforts, such as pre-built infrastructures used to easily and widely distribute new strains, with advanced development techniques, such as using crypters to ensure reverse engineering is extremely difficult. Additionally, offline encryption methods are becoming popular: the ransomware takes advantage of legitimate system features such as Microsoft's CryptoAPI, eliminating the need for Command and Control (C2) communications.
Terrance DeJesus of Solutionary's Security Engineering and Research Team (SERT) takes a look back at the highlights and the evolution of ransomware throughout the years.