The first ransomware locker was not motivated by outright criminality, but rather by revenge. Interestingly, its author, Joseph Popp, was not a Russian speaker and grew up in Ohio, educated at Harvard University. He was an anthropologist and biologist who worked with the World Health Organisation in Africa. Popp created the AIDS Trojan in 1989, which was essentially a denial of service scrambler that encrypted files on victims’ systems and demanded a ransom.
Popp distributed the ransomware by sending infected floppy disks labeled as “AIDS Information” to WHO conference attendees. Victims were instructed to send money to a PO Box in Panama. Popp was arrested in the US but deemed mentally unfit to stand trial in the UK. He later opened a butterfly sanctuary in New York and passed away in 2007.
The AIDS Trojan was considered a creation of an “insane criminal genius” by experts. It was a new concept at the time, as the cyber security profession was not well-established in 1989. Ransomware did not gain significant attention until the mid-90s, and the first criminal ransomware attack resembling modern attacks occurred in Russia in 2004 with Gpcode.
Despite being ahead of his time, Popp’s ransomware laid the groundwork for future attacks, showcasing the potential dangers of cyber threats and the need for robust security measures.
Gpcode marks the first modern criminal ransomware with a clear objective of making money. While rudimentary, it used a 600-bit RSA public key to encrypt files and demanded ransom payments through money transfers. Despite not being a huge financial success, Gpcode signaled the rise of ransomware in both the cyber security community and among the general public.
Over the next decade, ransomware evolved continuously as cyber criminals sought ways to extort money while avoiding detection. Anonymity in payment processes was a major challenge, leading to the rise of digital currencies like E-Gold and Liberty Reserve, which were eventually replaced by cryptocurrencies. Ransomware as a service emerged as a way for less technically skilled criminals to participate in attacks, making the process more efficient.
In 2016, the gang behind SamSam changed the ransomware landscape by targeting specific businesses and encrypting key servers, allowing them to demand larger ransoms. While mass-market ransomware attacks on end-users still pose a threat, the focus has shifted to businesses due to the higher potential profits. Recent developments in ransomware, such as double extortion attacks and collaboration between cyber criminal gangs and political espionage operators, have brought the issue into the national spotlight.
In a new trend since 2020, some ransomware gangs are bypassing the traditional ransomware locker altogether.
Recent developments
Just last month, the Australian and American authorities released new intelligence on the work of the BianLian ransomware gang, which has shifted solely to extortion without encryption.
Could it be that ransomware, in its traditional form, is starting to reach the end of the line?
Looking ahead
Probably not, says Lee, looking ahead, although it will look different: “You know IT brings enormous positives to our lives and enables so much – but anywhere where IT is creating value, criminals are looking for ways to piggyback and steal that value. Ransomware has proved to be a very profitable way for them to do it.
“I think that for any new ways in which we use IT in the near- and medium-term future, we can expect there will be criminals looking to make money off that, and one of the ways that they’re going to do it, for certain, is going to be through ransomware.”
From ransomware’s birth pangs as the howl of the frustrated and aggrieved Joseph Popp, we can chart a clear line to the big bucks ransomware hits of the 2020s, and this continuity of criminality and innovation leads Lee to a simple conclusion.
“We need to be much more aware that for anything IT touches, we need to think about cyber security, we need to think about how the bad guys might disrupt it, because for certain, they’re going to be thinking too and someone’s going to try it.
“The history of ransomware has been one of constant innovation, and we can expect that to continue into the future,” he says.