With every employee now a stakeholder of the organization’s cybersecurity posture, having a good overview of ransomware history boosts cyber awareness.

Over the past decade, ransomware attacks have not only increased in frequency, but also in sophistication. However there has been significant progress in preventing these attacks.

In order to keep up with the increasingly sophisticated cybercriminals, every organization has to make each employee a stakeholder in cyber hygiene and vigilance.

To start off, employees need to have a basic understanding of how ransomware has evolved over the years, and how their organization is vulnerable unless their weakest links are constantly protected and on guard.

1989: The first ransomware attack 

The first documented case emerged in 1989, when 20,000 floppy disks infected with a computer virus were sent to individuals that had attended the World Health Organization’s international AIDS Conference in Stockholm.

Once loaded into a computer’s memory, the virus proceeded to hide file directories, lock file names, and inform victims that they could only restore access to their files by paying a ransom.

2000 – 2017: Modern ransomware, their variants and threats

Almost 20 years after the first attack, the first locker ransomware variants appeared on the threat landscape.

These early versions targeted users in Russia by locking up victims’ machines and preventing the use of basic devices such as the keyboard and mouse. After displaying an ‘adult image’ on the infected computers, the ransomware would instruct victims to either call a premium-rate phone number or send an SMS text message to meet the attackers’ ransom demands.

A few years later a new ransomware threat called ‘CryptoLocker’ emerged. This was a type of malware that encrypted victims’ documents, spreadsheets, images, and other files on Windows computers, before displaying its ransom note.

Attacks involving CryptoLocker become increasingly prevalent in the years that followed, with the FBI estimating that by the end of 2015, victims had paid US$27m to CryptoLocker operators.

2018 – Present: Ransomware undergoes digital transformation

By 2018 the FBI had observed a decline in indiscriminate ransomware attacks. Such campaigns were paving the way for targeted attacks—in particular, against state and local governments; healthcare entities; industrial companies; and transportation organizations.

Many ransomware groups made this shift to targeting large organizations so that they could encrypt high value data, undermine victims’ operations, and thereby demand an even higher ransom payment.