Let’s dive into the story of ransomware, starting with its very first instance. It wasn’t just a cold, calculated crime; it came from a place of anger and frustration. The man behind it wasn’t some shadowy figure with a Russian accent, but Joseph Popp, who hailed from Ohio and studied at Harvard. He was an anthropologist and biologist, known for his work on HIV/AIDS, and had even collaborated with the World Health Organization in Africa. After he missed out on a job with WHO, something snapped. This led him to create what we now know as ransomware.
In December 1989, Popp unleashed a piece of software known as the AIDS Trojan. It wasn’t sophisticated by today’s standards. It tampered with the AUTOEXEC.bat file so that it could count boot cycles, and once the count reached 90 it encrypted file names on the C drive. Victims received a stark message stating their computer had been infected, chillingly reminding them, “Remember, there is NO cure for AIDS.”
So how did it spread? Popp mailed out 20,000 floppy disks labeled “AIDS Information – Introductory Diskettes” to attendees at an AIDS conference. Those who fell for the bait were asked to pay $189 to a PO Box in Panama via the PC Cyborg Corporation. The software came with a cheeky end-user license agreement, suggesting users were renting the virus.
Popp’s journey took a strange turn: he was arrested in the U.S. and extradited to the UK, and a judge deemed him mentally unfit for trial. He ended up wearing bizarre items like cardboard boxes on his head. After his ordeal, he created a butterfly sanctuary in New York and passed away in 2007.
Reflecting on the odd origins of the AIDS Trojan, Martin Lee from Cisco’s Talos intelligence and research unit calls Popp “an insane criminal genius.” He points out that in 1989, most computers weren’t even networked, and the term “cybersecurity” didn’t exist. No one paid the ransom back then, and ransomware didn’t resurface until the mid-90s, when technologists began experimenting with malware and cryptography.
Then came Gpcode in 2004, a primitive form of ransomware crafted in Russia. This new attack method involved tricking job seekers into opening what they thought was an application form, only for it to encrypt their files. Unlike the AIDS Trojan, Gpcode demanded ransom through money transfer, putting its creators at risk of being tracked. It wasn’t a huge success financially, but it marked a shift in ransomware toward a more serious criminal intent.
Fast forward, and ransomware grew more sophisticated. Criminals got better at anonymity, turning to digital currencies like E-Gold. But those came with risks, as they were eventually shut down by authorities. The emergence of cryptocurrencies offered a safer way for criminals to collect ransom. A significant turning point was the evolution of “ransomware as a service” in the mid-2000s, enabling less tech-savvy criminals to use advanced code developed by others.
By 2016, ransomware tactics changed drastically with the SamSam gang. Instead of blanket attacks, they targeted businesses, infiltrating networks and holding critical data hostage. This shift allowed them to demand much larger ransoms, disrupting operations on a grand scale.
Still, mass-market ransomware attacks continue, and they can be devastating for everyday users. Lee recalls instances where people have lost cherished memories due to ransomware on their personal devices. While companies might suffer large losses, individuals often face immense emotional distress.
Since 2020, ransomware has hit the news hard, often involving double extortion tactics where criminals not only encrypt data but also threaten to leak it. We’re seeing a dubious partnership between financially motivated gangs and politically driven hackers. Recently, gangs like BianLian have started operating without traditional ransomware, focusing purely on extortion.
Will ransomware maintain its foothold? Absolutely, says Lee. As technology continues to advance, so too will the methods criminals use to exploit it. Wherever IT thrives, there will be individuals trying to profit illegally, and ransomware will likely remain a favored tactic.
The history of ransomware spans from Popp’s desperate act of revenge to today’s massive operations, showcasing an ongoing cycle of creativity in crime. Awareness of cybersecurity remains crucial in this ever-evolving battle against digital threats.