It may come as a surprise to many that ransomware is now entering its fourth decade of existence. The first known occurrence of ransomware, called the AIDS Trojan, was released in 1989. With the consumer and business Internet being largely nonexistent at that time, the primary method of distribution of the AIDS Trojan relied on its creator, Joseph Popp, sending out roughly 20,000 floppy disks to attendees of the World Health Organization’s AIDS conference.
The disks handed out by Popp were labeled “AIDS Information – Introductory Diskettes” and included a supplemental leaflet. The leaflet contained a warning that the code contained on the disk could cause harm to any system it was introduced to, and that compensation and damages could be assessed by PC Cyborg Corporation.
If inserted, the disk would display a text-based graphic that would reappear with a reboot. Once active, the disk-based program would log the number of times the computer was booted. Once that count reached 90, file directories would be hidden, with the files either becoming encrypted or locked. To regain access, $189 would have to be sent to a PO box in Panama, addressed to the PC Cyborg Corporation.
It is not known exactly how many computers were infected by the AIDS Trojan or what the total amount of revenues obtained by Popp were. It is worth noting that Popp stated that any proceeds would be donated to funding AIDS research. The risk of the AIDS Trojan ultimately was minimal, as it used symmetric cryptography, and tools soon emerged that could decrypt the files without payment.
Perhaps the most puzzling aspect of this early attack was the length of time it took to become commonplace. One key consideration is the ability of ransomware to spread. Through most of the 1990s, email was used only scarcely, as were externally connected systems. This is the most likely reason for the lack of ransomware viruses released into mainstream business and consumer systems.
It was not until the rise of the Internet in the late 1990s, and the introduction of affordable broadband Internet services, that ransomware, viruses, and other forms of malware were able to gain a solid foothold in the daily lives of computer users and administrators. The influx of smartphones, the IoT, and always-on connectivity have also worked in ransomware’s favor.
The lessons and observations from this first attempt at ransomware remain applicable to the modern technology user. Users must properly analyze messages, particularly those that ask for their interaction, to avoid falling victim to malicious social engineering. Data must be backed up in a way that ensures its restoration, should a ransomware attack occur. Finally, a quick response to an attack will work to minimize the damage it can cause.
Ransomware attack vectors will continue to evolve, and will do so at a faster rate, thanks to the adoption of Ransomware-as-a-Service (RaaS). Remaining on the lookout for suspicious activity and diligent in keeping systems up to date will help keep you one step ahead of a would-be attacker.