Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
“We’re entering a new world in which data may be more important than software.”
Tim O’Reilly
Following from our recent CISO research council, our research team have put together this whitepaper, which explores the evolutionary steps in ransomware and malicious code and what NCC Group’s current perspective is.
Ransomware as a concept first emerged publically in 1989. This was followed by academic research in 1996 which demonstrates the cryptographic techniques we see today. In the intervening period, organised and technically sophisticated criminals have recognised that data has a value. As a result, we now have malicious code that encrypts data and holds it to ransom until payment is made, whereupon it may or may not be restored as demonstrated with NotPetya. This can potentially undermine the market.
With the advent of crypto currencies such as Bitcoin as a means to take payment pseudonymously, criminals have widely embraced ransomware as a method of extortion and ultimately revenue generation. As a result, today we see unfocused campaigns against a wide variety of individuals and organisations which are relying on the code’s agility to avoid detection by means of traditional defences. Once run, these criminals are highly overt in making the presence of their campaigns known.
Read the whitepaper for more information about our view on short-term disruption, long-term but subtle data corruption by criminals and ransomware monetisation.