Ransomware: What’s the Story?

While ransomware has been around for decades, ransomware varieties have grown increasingly advanced in their capability to spread rapidly, evade detection, encrypt files, and threaten users.

Recent ransomware attacks on Colonial Pipeline, JBS Foods, and other major organizations have made big headlines, and Lindy Cameron, the chief executive of the National Cyber Security Centre (NCSC), said ransomware “presents the most immediate danger” of all cyber threats faced by the UK right now.

Ransomware is a harsh reality for all tech users; however, many companies and individuals fail to protect their data. At Vitanium we see the results of this on a regular basis, which is why we encourage all tech users to protect their data.

The Evolution of Ransomware Attacks

According to CrowdStrike, “One of the first ransomware attacks ever documented was the AIDS trojan (PC Cyborg Virus) that was released via floppy disk in 1989.” Ransomware has been on a long journey since, helped along by Bitcoin, right through to the advent of Big Game Hunting (BGH).

A History of Ransomware Development (Source: Ransomware.org)

2004/2005

GPCoder – Message displayed on a user’s home screen, directing them to a .txt file posted on their desktop. The file contained details of how to pay the ransom and unlock the affected files.

2006

Archiveus Trojan – Primarily a Windows-based attack. Encrypted the MyDocuments directory. First ransomware to use RSA encryption.

2009

Locker ransomware (FBI MoneyPak) – A category of ransomware that hit mobile devices.

2013

CryptoLocker – First ransomware to demand payment in bitcoin.

2014

CryptoWall – Leveraged a Java vulnerability. Nearly 1,000 victims; estimated losses of at least $18 million.

2016

Locky – First widespread ransomware. As many as 500,000 phishing emails per day were sent out. Other ransomware made its debut in 2016 as well, including Cerber, Jigsaw, TeslaCrypt, SamSam and Petya.

2017

WannaCry and NotPetya – WannaCry attacked an estimated 200,000 computers in 15 countries. NotPetya was a variant of Petya that targeted victims in Ukraine, including the National Bank of Ukraine. U.S. officials estimated damages from the NotPetya ransomware at more than $10 billion.

2021

DarkSide – Colonial Pipeline attack. Pipeline was shut down for six days. Colonial paid a $4.4 million bitcoin ransom.

What can we learn from this?

Ransomware attacks are increasing in sophistication all the time, with cybercriminals continually refining their methods. What’s vital to remember is that, no matter how shocking or large-scale the ransomware attacks making the news are, small to medium size businesses and individuals are being affected every day, even if this doesn’t make the headlines.

The 4 main techniques to be aware of:

1. Encryption

A ransom transaction in which cybercriminals encrypt your data, making your applications and systems unavailable. The criminals offer to unlock the systems with a decryption key once you’ve made payment.

2. Exfiltration

Exfiltration is an unauthorized transfer of critical data. This means removing data through backdoors, remote shells or compromised remote terminal services. Exfiltration and subsequent encryption give cybercriminals more bargaining power when threatening companies into paying up.

3. Extortion DDoS

A Denial of Service attack is a deliberate shutdown of a system which prevents legitimate users from accessing services provided by the server or connected systems.

4. Harassment

Stolen data is frequently used to harass customers, employees, companies and individuals. The threat of “going public” with whatever sensitive information they may have often results in the ransom being paid.

What does the future hold?

The 2021 NCSC speech suggested that ransomware will continue to evolve and that users must be vigilant and aware of how to protect themselves. CrowdStrike expects that cybercriminals “will continue to refine their data-leak extortion ransomware tactics, develop increasingly sophisticated exfiltration tooling that can be deployed widely, and automate data exfiltration by searching for, identifying and exfiltrating sensitive data by keyword.”

If ransomware continues to evolve, how can you protect your data?

Our Technical Director, Paul Houselander, suggests, “I would advise everyone to do a thorough data audit, then act on it.” You can read his blog about cyber security here and our article about how to improve your data audits and backup plans here.

How can Vitanium help?

At Vitanium, we can implement ransomware protection facilitated by our technology partners, Zadara and Veeam. This provides you with immutability – the capability to safeguard your backup files and ensure they cannot be deleted or altered in the event of a ransomware attack, so you can restore your business back to normal quickly and efficiently, without having to pay the ransom.

If you’d like further information on how best to protect your data, give us a call on 44 (0)345 258 1500 and we’ll be happy to advise you. Or use our Contact Page – Vitanium