In 1989, the world saw the first widely recognized ransomware attack, known as the AIDS Trojan Virus. Also known as the PC Cyborg Virus, this revolutionary attack was released via floppy disk at the World Health Organization’s AIDS Conference and took over control of its victim’s device. In order to restore access, victims needed to send $189 to a PO box in Panama. This attack officially kicked off the decades long battle that has been ransomware attacks, though it was still pretty rare throughout the 80s and 90s for obvious reasons. As technology advanced throughout the 2000s and 2010s, so did ransomware attacks. Especially after the emergence of cryptocurrencies like Bitcoin that allowed for instant, untraceable digital payments, ransomware attacks were on the rise.
Today, everyone knows that ransomware attacks are out there, although many underestimate their chances of falling victim to one. Still, it is important to understand what ransomware is and how you might fall victim to it. Ransomware is a type of malicious software, also known as malware, that locks a target’s data or device, effectively holding it hostage until a payment is made. It is also important to note that, although this is not technically a type of ransomware, cybercriminals could also use different types of malware to actually steal sensitive data, rather than simply locking it up on your device, and threaten to publish it if a ransom is not paid.
From around 2010 to 2020, researchers saw a fairly consistent increase in ransomware attacks each year, with each attack becoming more and more sophisticated. However, in 2022 and 2024, there were significant dips in ransomware payments. Some argue that this is evidence that our efforts to thwart ransomware attacks are finally becoming effective. In recent years, there have been several successful law enforcement actions against major ransomware groups. However, it also might be evidence that cybercriminals are simply choosing different preferred methods of attack. According to researchers, as of 2025, ransomware gangs have been exploiting more software and firmware vulnerabilities over the last few years, typically using social engineering techniques like phishing. The Cybersecurity & Infrastructure Security Agency, or CISA, has a catalog of known vulnerabilities that have been exploited that can be found here.
Another trend in 2025 is that fewer victims than ever are actually paying the ransoms. IT professionals will always advise you to not pay the ransom right away so they can assess the damage and see what can be done to mend the situation without making a payment. Though, it is rare that all data will be recovered without a ransom payment. Some believe that AI-based ransomware is on its way that will be more successful and powerful than what we have today. Although many ransomware groups have crumbled over recent years, some are still evolving, and we’ve even begun to see some unaffiliated, lone-wolf cybercriminals initiating attacks.
It is important to protect yourself from these attacks, even if their future is a bit uncertain. Ransomware is often able to enter your system through a malicious email attachment, link, website, or through a vulnerability in a software that you use. Be on the lookout for suspicious emails, text messages, websites, etc., and always proceed with caution if you have any hesitation. A successful ransomware attack could result in significant financial loss, data loss, and/or reputation damage. If you are a business owner, it may be worth it to offer cybersecurity awareness and training services to your employees, since user education could be crucial to avoiding an attack. You should also set up continuous data backups so that your data will not be completely lost in the event of a successful attack. With data backups, you are more likely to recover from an attack with minimal data loss without paying the ransom.
Read our previous post here: New Scams Use Microsoft Connectors
