Part 1: What is ransomware and how it evolved

Beth Kohler Posted On April 6, 2021
A computer screen filled with lines of code and command line interfaces, leaving an empty space shaped like a skull in the middle

Just a few years ago, few companies had ever heard of ransomware. Today, it has become a cybersecurity scourge. This article, the first of a three-part series on this cybersecurity threat, explores what it is, how it evolved, and why your company should be putting protections in place to avoid ransomware attacks now.

Ransomware is malicious software with a twist. Instead of just turning your endpoints into botnets or defacing your website, it targets you with extortion. Ransomware typically encrypts your critical data, relying on you not having backups, and then charges you for the decryption key to get that data back.

Criminals have long relied on extortion as a form of income, from DDoS attacks to threats to publish stolen data. Ransomware has been a part of their arsenal since the nineties. Initially consumer-focused, it used various methods to dupe victims, including impersonating law enforcement. That trend continues today with ransomware such as Reveton, also known as FBI MoneyPak, which displayed a message purporting to be from law enforcement claiming that the victim had been viewing illicit material on their computer. It locked their entire machine and then demanded a ransom in prepaid cards to grant access.

Criminals also developed malware early on that encrypted files and demanded a ransom for the key needed to retrieve them. Early attempts dating back to 1989 were unsophisticated, using symmetric keys that could be recovered from the victim’s machine. It took several years for developers to improve. Early ransomware would often use decryption keys that would not work or would use one key that would unlock every victim’s files.

Even as their technologies improved, criminals still used immature business models. They would use untargeted ‘spray and pray’ attacks, hitting consumers and businesses indiscriminately. That limited their potential earnings.

How ransomware grew up

In recent years, ransomware has become far more sophisticated. What was once restricted to locking up people’s personal photo collections has mutated, becoming a carefully managed business with high margins. This is due in part to the rise of cryptocurrency, which emerged in 2009 with bitcoin but only became mainstream in the mid-2010s as digital currency prices soared and other kinds of online tokens appeared.

As anonymous payment options grew easier, criminals refined their operations, launching targeted attacks on specific companies that they knew would have more at stake and be more willing to pay. Although there have been some notable attacks on larger organizations in recent years, ransomware criminals continue to turn a healthy profit from smaller companies.

Ransomware perpetrators have used targeted attacks to pry more money from victims. Businesses typically have more money at their disposal than individual targets, and their data also has more monetary value. In some cases, the disruption to operations from ransomware has been so great that it has cost businesses thousands of dollars in operational losses. This has caused the average ransom size to increase from $84,116 in Q4 2019 to $154,108 in Q4 2020.

Evolving business models

The business model for ransomware has also evolved, with perpetrators applying the same economies of scale to this criminal enterprise as legitimate businesses do to their own products. In their 2021 Spotlight Report on ransomware, RiskSense and Cyber Security Works (CSW) reviewed the rise of ransomware-as-a-service (RaaS).

The RaaS model, typified by operations like Ryuk and REvil, uses a franchise system to maximize the return on investment for ransomware developers. Ransomware groups with the technical expertise to develop the malicious software make it available to other attack groups, which then use their own techniques to get it into victims’ systems, including phishing campaigns and exploiting network vulnerabilities. This lowers the barrier to entry for criminal groups to infect victims with ransomware, spreading the problem.

Ransomware-as-a-service operations use the same professional approach to online automation as legitimate companies. They include technical support for franchisees and fast, automatic payment and data decryption services for victims.

As ransomware matures, its business model continues to evolve. Recently, monetization techniques have expanded beyond simple payment for decryption. Criminals are now using double extortion techniques in which they steal files before encrypting them. This enables them to blackmail victims into paying to prevent the publication of sensitive data, as well as paying to retrieve it.

We have seen companies ranging from movie studios to celebrity law firms fall victim to these attacks, losing data to ransomware groups who then publish the data unless the companies pay up.

Ransomware attacks are becoming more technically sophisticated as attackers increasingly employ advanced intrusion techniques against specific targets. These include identifying likely targets via network weaknesses including RDP flaws and then moving laterally through systems to infect as many devices and network shares as possible.

No wonder, then, that researchers are noticing nation-state actors using ransomware to wreak havoc on their targets for purposes that are often non-financial. APT groups are often state-sponsored, and the RiskSense/CSW report identified several such groups that are well-funded and willing to launch ransomware attacks on adversaries’ critical infrastructure.

As ransomware continues to evolve, every company is at risk, whether large or small. Discover how we can help to protect you against this threat, and how to mitigate an existing compromise.

Learn how to prevent ransomware like a pro in part 2 of this series.

Learn more about Lumen Ransomware Assessment.

This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. ©2021 Lumen Technologies. All Rights Reserved.

Author

Beth Kohler

Beth Kohler is Sr. Director of Product Management for global security products at Lumen. She is responsible for the managed security services portfolio. Beth’s focus is in creating differentiated product experiences and consulting services. Beth has more than 20 years of product management experience across multiple technology companies.
