“LoveBug”, was a simple piece of malware but 20 years ago, it changed the world of cybersecurity. Originally intended to simply harvest the passwords of a few local internet providers, LoveBug spread around the world, infecting over 45 million devices to become the first piece of malware to really take businesses offline in a significant way.
Whist it was the first malware to have this impact, it would be far from the last. LoveBug proved to be a turning point in malware, paving the way for the emergence of the global ransomware challenge that we’re all fighting today.
Eleven years before anyone had heard of LoveBug, the IT industry witnessed the first real case of ransomware, in the form of AIDS Trojan. AIDS Trojan was spread through infected floppy disks sent to HIV researchers as part of a knowledge-sharing exercise. It worked by encrypting file names and then demanding that victims post a cheque to a PO Box in Panama to regain access to them.
What was critical with LoveBug, was the shift of malware from limited exposure to mass destruction. 45 million compromised devices a day, could equal 45 million daily payments. The ‘love child’ of LoveBug and AIDS Trojan was the ransomware that followed, with GPCoder and Archievus hitting businesses around the world. Hackers also harnessed ecommerce sites to find better ways to receive payments.
The protection industry reacted again, with good actors working together to crack the encryption code on which Archievus relied, and sharing it widely to help victims avoid paying any ransoms. Since then the cat-and-mouse game has continued with viruses like CryptoLocker, CryptoDefense and CryptoLocker2.0 building new attack strategies, and the protection industry implementing new defences. By the time that WannaCry launched, it was able to infect 230,000 devices, in over 150 countries, demanding ransoms in 20 different languages and receiving payments in cryptocurrencies.
Data protection has become more sophisticated too, with four areas that should now be part of every business’s ransomware strategy: protect, detect, respond and recover.
What can we expect next?
AIDS Trojan targeted the healthcare sector and ransomware will continue to focus on these organisations due to their heavy reliance on mission-critical information for their day-to-day activities. To stay one step ahead, these organisations need to improve their data visibility and further automate their backups.
Finally, social engineering and phishing is becoming increasingly central to the success of a ransomware attack. The LoveBug was successful in a scattergun fashion, but still relied on social engineering. Had people been less inclined to open an email with the subject line ‘I love you’, the spread of the malware would have been far more limited. If you know hackers might get past your line of defence, prevention can’t be your only option.
In the ever-evolving game of cat and mouse between hackers and businesses, we’ll continue to see innovation on both sides. What’s clear is, throughout the history of ransomware, it’s never more important to have backup copies of your data that you can rely on.