Photo by Alvaro Uribe on Unsplash
The Beginning
The first ransomware attack, AIDS Trojan, was deployed over 30 years ago. Joseph L. Popp, a Harvard academic, is credited for this. At a World Health Organization summit in 1989, he distributed over 20,000 disks to delegates. These disks, labeled “AIDS Information – Introductory Diskettes,” would wait until after the machine they were installed on rebooted for the 90th time.
The installed virus would then activate after the reboots and encrypt files and hide directories. Users were then instructed to send a check in the amount of $189 to a P.O. box in Panama. Popp’s arrest never went to trial due to his poor mental health.
Popp was years ahead of what is now an ever increasing threat. It would take another 15 years for ransomware to really burst onto the scene. Once it did though, it evolved quickly.
The 2005 Resurfacing
Ransomware reared its ugly head again in 2005. With the quickly growing internet, hackers introduced Archievus. This strain simply locked users out of the My Documents file until payment was remitted. While users still had access to other folders on their desktops, most were saving documents there. It wreaked havoc.
Similarly, The GPCoder ransomware was also appearing in 2005. This strain was more advanced and encrypted then deleted the original files. A .txt file was then placed on the desktop with instructions on how to pay for the decoder key.
Eventually it was discovered that running a simple virus scanner could delete both these strains. This is when ransomware took its next step.
Continued Evolution
Between 2009 to 2012, ransomware moved from scareware (Vundo scared users into performing an action to get a fake fix then encrypting files) to ransomware encryption. As these new threats emerged, so did the severity of their intrusions.
The game changed again in 2013 with the introduction of CryptoLocker. Not only did the virus have the ability to lock down the system, it also put a clock on the amount of time there was to pay the ransom. CryptoLocker could be decoded, but had two different keys. The likelihood of a savvy user finding those on their own was nearly impossible.
Including The MACs
Up until 2016, MAC users were feeling pretty safe. Ransomware was a PC problem. That is, until KeRanger exploded onto the scene. Not only were MAC files now able to be targeted, but KeRanger also messed with MACs restore system. If MAC users thought they could roll back to an earlier save, they were in for a surprise.
2017 brought the introduction of a patcher app that encrypted files when the user tried to install. The installation was supposed to allow the user to download popular software like Microsoft Office or Adobe Photoshop without having to pay. Instead, it ripped through the system encrypting as it went. Since the decryption tools didn’t work, paying the ransom was pointless.
Another Leap Forward
In 2017, WannaCry and Petya advanced ransomware yet again. They targeted exploits in older versions of Windows. Once installed, the ransomware would search the network for more of these vulnerabilities. These two were so devastating, they made news world wide.
All the while, MAC users stay fairly certain that they’re running the safest operating systems on the market. Even with the KeRanger attacks, they seem to have been able to skirt the major ransomware events.
2020; The Year of Change
In June/July of 2020, the malicious codes for ThiefQuest/EvilQuest have been found spreading in pirated copies of Little Snitch and other Mac programs on a Russian torrent forum Rutracker. While this is a form of ransomware, the more sinister aspect seems to be the other purpose of this code. It searches for specific files. Once identified, these files are sent to a central server before encrypting the machine.
Many MAC users labor under the false sense of security that their machines are impenetrable, but that simply isn’t the case. Ransomware continues to evolve as protection software continues to combat it. As we’ve seen over the past 30 years, eventually everyone is vulnerable.
The most effective way to combat malicious threats like ransomware, is an effective security plan. Using common sense practices to avoid phishing scams, having an antivirus that uses a default-deny approach, and actively backing up files are all solid steps in keeping your machines safe.
Default-Deny
Default-deny is simple. Rather than tracking down bad files, default-deny automatically denies access to anything unknown. Currently, most antivirus products work the first way, hunting down the bad.
As we’ve seen, ransomware is evolving. It continues to evolve as we continue to fight it. The only solution that makes sense is a proactive approach like default-deny. For more information on how PC Matic protects you through default-deny technology, visit us here.
