The second evolution cycle of ransomware made it a lot more dangerous. It could no longer be easily removed and, usually, the only way a victim could recover their files was to pay the ransom or restore them from a backup – if available. As a result, the number of “customers” that were willing to pay increased dramatically.
One of the principles of successful businesses is to make it as easy as possible for customers to pay for services. Take, for example, one-click purchases, which remove all the obstacles between the customer’s purchase and their bank account. This principle is no different for ransomware authors, but they want, at the same time, to remain anonymous.
This poses a particular challenge for ransomware authors. The first variant asked that a money order be sent to a P.O. Box in Panama; later variants often used premium SMS messages, prepaid gift cards, or various money transfer services.
What was it that cryptoviruses needed to evolve further? The answer: cryptocurrency, a simple, decentralized digital currency that’s anonymous. The FBI predicted back in 2012 that cryptocurrency would attract cybercriminals. The first such ransomware was CryptoLocker in 2013, and it was extremely successful. It’s believed that CryptoLocker successfully extorted close to $3 million USD, with another variation – CryptoWall – extracting about $18 million (FBI estimates).