During the nascent phase, we saw how crypto ransomware was introduced in its most basic form. But due to easy and quick ransomware removal, they couldn’t properly take off to become a viable business option for cybercriminals.
However, by 2013, the cryptovirological developers overcame the majority of the issues in their scripting to make their attacks more supple, effective and lethal. The threat of ransomware organizations and individual users facing today had acquired this form five years ago.
Crypto ransomware of today is very effective with its encryption algorithm. Moreover, it is more effective in infiltrating networks and devices. For that reason, ransom demands have also become pricey. An average extortion demand is now $300 for a regular ransomware attack. In addition, more comprehensive and exhaustive ransomware removal activities are now required to disinfect the affected devices.
What Crypto Ransomware Operators Learnt From Earlier Mistakes?
First thing crypto ransomware operators did was to drop symmetric encryption and adopted asymmetric algorithms. However, it also became ineffective after some time after security experts developed ransomware removal measures for it. Later, cryptovirological operators integrated Triple Data Encryption and Advanced Encryption Standard in their crypto strains.
This transition drastically improved the encryption regimen of crypto ransomware. Moreover, they started to develop unique decryption keys for multiple activities of the same strain. Earlier, a single decryption key could be used for ransomware removal on multiple devices affected by a similar strain. Crypto ransomware operators have also stopped to store decryption key in the payload because security experts started to succeed in retrieving it.
Nevertheless, some loopholes are still dug by security experts to neutralize the activity of crypto ransomware. Moreover, the growing trend of maintaining data backups has also factored in making ransomware activities ineffective.
This is the reason ransomware operators are now shifting their focus to target entities working in public domain. For instance, healthcare ventures are the new pick of ransomware operators because they severely get affected regardless of backups and quick ransomware removal measures.
It seems like this unannounced scuffle between cryptovirological operators and security experts will continue.