More than 30 years since its first appearance, ransomware has become one of the most prevalent forms of cyberattack today. What is ransomware, and how can we protect ourselves against it?

The Dangers of Ransomware

In 2016, the Kaspersky Security Bulletin reported that a ransomware attack occurred every 40 seconds. By 2021, Veritas noted this interval had shortened to just 11 seconds. Experts predict that soon there could be a ransomware attack every 2 seconds. The global cost of ransomware damage is projected to reach $42 billion in 2024, a staggering 57-fold increase since 2015, and is expected to soar to $265 billion by 2031.

In Vietnam, the number of ransomware attacks on enterprise infrastructure increased by 70% in the first quarter of 2024 compared to the same period last year. Major companies like VNDirect, PVOIL, and Vietnam Post have faced ransomware incidents, resulting in data breaches, service disruptions, and severe reputational damage.

Individuals affected by ransomware also suffer significant consequences, including personal information leaks, stolen accounts, and financial loss, which can lead to broader psychological repercussions.

The Evolution of Ransomware

Ransomware is a type of malware designed by hackers to encrypt an individual’s or organization’s data files. Victims are then required to pay a ransom to receive a decryption key to restore access.

The first recorded ransomware attack in history was the AIDS Trojan (or PC Cyborg) in 1989. Disguised as an HIV survey, the malware infiltrated computers, encrypting files of medical companies and demanding a $189 ransom for the decryption key.

The emergence of Bitcoin in 2010 greatly expanded the reach of ransomware, as digital currency transactions are difficult to trace, allowing cybercriminals to bypass traditional financial oversight. The 2013 CryptoLocker attack marked a significant shift in ransomware tactics with the use of asymmetric encryption. Many victims reported not receiving the decryption key even after paying the ransom.

In 2017, ransomware was likened to a pandemic following one of the largest-scale attacks in history—WannaCry. Exploiting a vulnerability from the U.S. National Security Agency, the malware rapidly spread to over 200,000 individuals and organizations in more than 150 countries. The infected screens with the “WannaCry” message and countdown timer became a global symbol of fear.

A New Evolutionary Step

Ransomware remains a significant threat even after more than three decades. In a cybersecurity podcast titled “Into The Cyberverse,” expert Hiếu PC stated, “Ransomware is and will continue to be the greatest global cybersecurity threat.”

One notable evolution in ransomware is the rise of Ransomware as a Service (RaaS). Encryption services are sold openly on the dark web for the price of a cup of coffee, which makes them accessible even to amateur hackers and has democratized and proliferated ransomware.

According to Kiều Minh Thắng, Director of IT Cybersecurity Services at VinCSS, cybercriminals may have infiltrated systems long before launching an attack, using advanced techniques to evade defenses. Recently, ransomware attacks have become more unpredictable with double extortion schemes, where hackers not only demand ransom but also threaten to leak sensitive data.

How Does Ransomware Infiltrate?

Users can easily fall victim to ransomware by:

  • Using cracked software from unknown sources
  • Clicking on malicious email attachments
  • Clicking on infected advertisements
  • Visiting harmful websites
  • etc.

“Prevention Is Better Than Cure” for Businesses

A study by Kaspersky found that 71% of businesses could not fully recover their data after a ransomware attack. Ransomware can reside in systems for an average of 197 days before detection and activation. After detection, it can take weeks or even months to identify the cause, patch vulnerabilities, and restore data and systems. Even paying the ransom does not guarantee data recovery.

The Department of Information Security recently issued a warning calling for stronger network security against the surge of ransomware attacks.

Kiều Minh Thắng of VinCSS emphasized that the best protection for Vietnamese businesses is preventive measures, especially the secure backup of critical data. Companies should be as vigilant as in wartime, continuously monitoring for early signs of attacks or breaches, and preparing resources for incident response, including processes, personnel, and tools. Internal communication is essential to ensure all departments are ready to coordinate.


What Should Individuals Do?

For individuals, staying up to date with the latest cybersecurity knowledge is crucial to protect themselves and avoid becoming the weakest link in their organization. The “Into The Cyberverse” podcast and the VinCSS blog regularly cover emerging threats and preventive measures. Subscribe to stay informed and secure.

Tech Lady is Marketing Director at VinCSS