In its rudimentary stage, online extortion was all about bluff and did not use cryptography at all. It hinged upon screen lockers claiming that the FBI had caught users violating copyright or distributing NSFW content. Victims were instructed to pay a fine via a prepaid service such as MoneyPak or Ukash.
Things have changed dramatically over time. Ransomware operators rethought the range of their intended victims, switching to the enterprise as juicier prey than individuals. In recent years, they also added a data leak strategy and DDoS threats to their repertoire. As a result, online extortion has matured into one of today’s most detrimental cybersecurity perils.
Ransomware went pro in 2013
The first mainstream file-encrypting ransom Trojan, CryptoLocker, made its debut in September 2013. It used an asymmetric 2048-bit RSA cipher to lock down data and stored the decryption keys on its command-and-control (C2) server. The ransom initially amounted to $100 worth of prepaid cards or bitcoins but grew to $600 in only three months.
This campaign came to a halt in June 2014 due to a law enforcement crackdown called Operation Tovar. Although the infection was short-lived, it played its evil role by demonstrating the viability of the extortion model with cryptography at its heart.
A series of predatory programs, including CTB-Locker and CryptoWall, followed in the footsteps of CryptoLocker shortly afterward. Their makers targeted different types of operating systems and took the dodgy tactics further by hosting payment sites and C2 infrastructures on the Tor anonymity network.
In 2016, threat actors gave their schemes another boost by launching a ransomware deployment mechanism that resembled a garden-variety affiliate marketing framework. Known as Ransomware-as-a-Service (RaaS), this approach