Australian organisations are a soft target for ransomware attacks, say experts who this week issued a fresh warning that the government needs to do more to stop agencies and businesses falling prey to cyber-crime.
But in truth, the danger has been growing worldwide for more than three decades.
Despite being a relatively new concept to the public, ransomware has roots in the late 1980s and has evolved significantly over the past decade, reaping billions of dollars in ill-gotten gains.
With names like Bad Rabbit, Chimera and GoldenEye, ransomware has established a mythical quality with an allure of mystery and fascination. Unless, of course, you are the target.
Victims have few options available to them; refusing to pay the ransom depends on having good enough backup practices to recover the corrupted or stolen data.
According to a study by security company Coveware, 51% of businesses surveyed were hit with some type of ransomware in 2020. More concerningly still, typical ransom demands are climbing dramatically, from an average of US$6,000 in 2018, to US$84,000 in 2019, and a staggering US$178,000 in 2020.
A brief history of ransomware
The first known example of ransomware dates back to 1988-89. Joseph Popp, a biologist, distributed floppy disks containing a survey (the “AIDS Information Introductory Diskette”) to determine AIDS infection risks. Some 20,000 of them were reportedly distributed at a World Health Organization conference and via postal mailing lists. Unbeknown to those receiving the disks, it contained a virus of its own. The AIDS Trojan lay dormant on systems before locking users’ files and demanding a “licence fee” to restore access.