Ransomware-as-a-Weapon (RaaW): A Futuristic Approach for Understanding Malware as a Social Weapon


Kuldeep Mohanty, Ghanshyam S. Bopche, Sheryl Brahnam, Satya Ranjan Dash
Copyright: © 2023 | Pages: 20
DOI: 10.4018/979-8-3693-1528-6.ch013

Abstract

The use of information technology has widened in the past few years. With the evolving IT industries and infrastructure comes an ocean of development and opportunities, along with a series of new cyber threats. Ransomware is an inevitable threat that brings devastation one could hardly imagine. Essentially, ransomware is not a new threat. But it is evolving into a new and massive cyber threat that not only extorts money and sells user data on the darknet but has also started targeting users, forcing them to contribute to any existing social problems, for instance, poverty. Ransomware has mapped its journey from a weaker failure model to a highly evolving business model called the ransomware-as-a-service (RaaS) model. This chapter discusses ransomware from its origin to an evolved cybercriminal business model. It also reveals the hidden and unexplored consequences and threats that ransomware can bring with it, focusing on future technologies. Apart from looking into the future, the chapter discusses the implications of ransomware as a weapon for social problems.
Chapter Preview

1. Introduction

Organizations and governments at all levels are increasingly using Information and Communication Technologies (ICT) to enhance productivity, improve efficiency in service delivery, speed up development in all sectors of the economy, and improve governance. They use ICT to create, store, process, access, and transmit business or mission-critical information in electronic formats. This information could be strategic, demographical, historical, or legal, or may contain financial statements, procedural documents, data of citizens, industry or resources, etc. Essentially, the value associated with data collected by organizations or governments is increasing phenomenally, attracting the attention of adversaries and attackers. By exploiting the vulnerabilities in any system connected to the Internet, cybercriminals can carry out identity theft to commit financial fraud, steal corporate information such as intellectual property, conduct cyber espionage to steal state and military secrets, recruit criminals, and disrupt critical life-sustaining infrastructures such as power, banking and finance, transport, air traffic control, telecommunications, etc. Cyber threats are becoming more organized and targeted, reaping immense benefits from data compromises. Therefore, providing the desired level of security to mission- or business-critical data is the highest priority for economic prosperity, national stability, and security.

Despite a million malware families in the bucket, ransomware (Ryan, 2021) is one of cyberspace's most notorious and inevitable threats. It is among the most highly evolving kinds of malware of the time. Ransomware works by bypassing firewalls and other traditional defense mechanisms, such as a Demilitarized Zone (DMZ) or an Intrusion Detection & Prevention System (IDPS), and gaining unauthorized access to the target system. Essentially, ransomware either locks the system or encrypts valuable files and demands a ransom that is supposed to be paid in cryptocurrency, e.g., Bitcoin (Nakamoto, 2008). Ransomware can be classified into two types based on the nature of the attack, i.e., cryptographic ransomware and locker ransomware (Oz et al., 2022). Cryptographic ransomware encrypts the valuable files of the target. It demands a ransom in exchange for the decryption keys (which holds no guarantee) and is more prevalent on PCs, workstations, servers, and cloud storage.

In contrast, locker ransomware locks the target system so that the user cannot access it until the ransom demand is fulfilled. It is more prevalent on mobile devices (mainly Android) (Ko et al., 2019). Ransom demands existed even before the IT industry had spread its tentacles worldwide; the difference was that the phone call was about your child or colleague, not your data or privacy. Things have simply been digitized. The rapid growth of the IT industry has triggered an increase in the number of cyber attacks. Cyber attackers have started using ransomware attacks as a primary weapon and a business model (RaaS) (Kshetri & Voas, 2022). From the failure of the first strain of ransomware, i.e., the AIDS Trojan (KnowBe4, 2023a), to the successful attack stories of WannaCry ransomware (Da-Yu et al., 2019; Kumar et al., 2018) and the most recent Corona ransomware attacks (Cyberark, 2023), ransomware has become the biggest concern of the world. The damages caused by earlier ransomware strains were reversible. However, modern-age ransomware damages are irreversible without a proper backup (Oz et al., 2022). Ransomware is a silent but sharp killer, and to address this problem, we need an active detection mechanism that detects ransomware at the early stage of intrusion.

Figure 1. Evolution of ransomware in chronological order. Source: Oz et al. (2022)
