When did the first ever ransomware come into being?

Ransomware, as a type of malware, is a relatively new invention to a great many computer users. The truth is that the first ransomware infection dates back to 1989, when 20,000 infected 5.25” floppy disks were sent to unsuspecting receivers. The person behind this large-scale attack is biologists Dr. Joseph L.Popp, who could be dubbed as the father of ransomware.

The infected floppies were labeled “AIDS Information – Introductory Diskettes” and sent to participants of an international AIDS conference held by the World Health Organization. In the UK, the infected floppy disks were sent to subscribers of PC Business World magazine.

The receivers of the world’s first ransomware were provided with a questionnaire which have probably aroused little or no suspicion as the content of the questionnaire corresponded with the label on the floppy. The supposed purpose was to notify the respondents whether or not they were at risk of getting infected with HIV or AIDS.

As opposed to the ransomware infections of present day, the mysteriously received floppy disk did not make any immediate changes to data files. Only a few days later the computers were locked down, and a dialog box demanding $189 USD was displayed. According to the ransom note, the money had to be sent to PC Cyborg Corporation in order to have the data decrypted. In reality, only the file names were encrypted and all the folders hidden. No long-term damage was done because this first instance of ransomware used symmetric cryptography, allowing experts to recover the hidden files are uncover the person behind the ransomware. Later it was declared that Dr. Joseph L.Popp intended to use the ransom money for AIDS research.

The floppy disk distributed over two decades ago is now in search as a trophy. Some Twitter users admit in their posts that they remember receiving a floppy back in late 1980s but doubt having it in their possession.

As for the term ransomware, it is a rather generic term for infections locking computers and encrypting data. Every system lockdown and encryption have a Trojan behind it. In the case discussed, the Trojan was named PC Cyborg, also referred to as AIDS Trojan.

Since the arrival of the AIDS ransomware until now, black hat hackers have tried to put ransomware in use and profit from careless users. The latest ransomware infections are known to use RSA encryption, which was used in 2006 for the first time. Over than 10 years ago, the cyber criminals released the Archiveus Trojan, which was programmed to encrypt everything in the MyDocuments directory. The schemers demanded the victims to make purchases on an online pharmacy in the vain hope of receiving the 30-digit passcode. Additionally, in June 2006, another encryption Trojan, distributed via a fraudulent email attachment, used a 660-bit RSA public key.

Another milestone in the evolution of ransomware is reached in 2011 when ransomware starts using anonymous payment services. This type of money collection enabled attackers to stay under cover and collect hefty fees from their unsuspecting victims.

In January 2012, the Citadel toolkit distributing and managing botnets was used to install ransomware programs and generate substantial revenues. Citadel became available to attackers on the online forums and became a popular tool of deception. Later that year the Reveton Trojan was launched. Its scheme was to display a fake warning on behalf of the local law enforcement agency. The Trojan would identify the IP of the infected machine and display a corresponding warning to make a greater impact on the victim. The user would be accused of using and distributing illegal software and would be required to pay up a fine through services such as Paysafecard, MoneyPack or Ukash. In June 2012, the detection rate was enormously high, with over 2,000 detections per day.

September 2013 is considered the beginning of the recent era of ransomware because of the shift to the digital currency called bitcoins. The malware utilized for further attacks is known as Cryptolocker, which would spread from malicious websites and via emails designed to look like customers’ complaints. The infection would carry out aggressive attacks resulting in the encryption of files with certain extensions and deletion of the originals.

In 2014, ransomware attacks against Android, iPhones and iPads users were recorded.

New ransomware threats have been created until recent days, and they are considered to be the biggest threats on the Internet. They are used to extort money not only from home users but from big corporations, leading to high earnings, as high as $209 million dollars, which were collected in the first quarter of 2016.

The evidence shows that cyber criminals attempt to take control of as many operating systems as possible. Keeping in mind that new smart devices are being brought to market, white hat hackers attempted to infect a smart thermostat with theoretical dangers in mind. Two programmers, Andrew Tierney and Ken Munro created the so-called ransowmare without any malignant intentions to prove that Internet-connected devices can leave users in danger. A bug in a device may be exploited by cyber criminals as was the case in 2015 when a Samsung smart fridge was detected to leak Gmail passwords.