Ransomware turns 30 this month! Here's a quick flashback into its journey

  • The first ransomware attack was launched in 1989.
  • Be it schools, universities, hospitals, police departments, government agencies, and everyday citizens—nothing and no one was assumed safe.

Exactly 30 years ago, the "AIDS Trojan", the first malware extortion attack written by Dr. Joseph Popp, was introduced to the world.

The first-ever attack

Dr. Popp first sent his indigenously developed ransomware—via 20,000 infected floppy disks— to delegates who were attending the WHO’s international AIDS conference, in Stockholm.

  • The malware could hide file directories and locked file names. Popp then demanded a ransom of $189 to a PO Box in Panama in exchange for restored access.
  • In less than two weeks of the attack, Dr. Popp’s activity at Schiphol airport, Amsterdam, caught the eyes of the authority.
  • Shortly after, they detained the father of ransomware from his parents’ house in Ohio and extradited him to Britain.
  • There, Popp faced 10 charges of blackmail and criminal damage and ransomware stayed out of the spotlight until 1996 when two cryptographers Adam L. Young and Moti M. Yung warned of the worst.

The mid-life evolution

Young and Yung strongly believed that the day ransomware started leveraging asymmetric cryptography, it would gain more powers. Almost two decades later, ransomware emerged to be even more dangerous than the estimation of the researchers.

  • In 2006, a ransomware strain named Archiveus performed advanced attacks on PCs around the world. It would encrypt all the files in the “My Documents” folder.
  • Victims of the attack were asked to make purchases on specific websites to obtain the decryption password.
  • Gloated with success of ransomware, attackers carried out multiple attacks under various monikers including GPcode, Cryzip, Krotten, and others.

As predicted by the researcher duo, ransomware grew to harness the power of Rivest–Shamir–Adleman (RSA) encryption, which was difficult to crack then.

Here comes the hope

In 2012, Fabian Wosar, a fiercely private gentleman, first came face to face with ransomware while helping the victims of the ACCDFISA virus recover encrypted files. Soon, he got obsessed with ransomware and began working on decryption tools to help victims free their data.

A few years later, another ally Michael Gillespie joined him. His very first encounter was with TeslaCrypt. Like Wosar, he also developed a keen interest in learning everything about this notorious type of malware. Years down the line, he became one of the world’s most prolific creator of ransomware decryptors and also received recognition from the FBI for his efforts and contribution.

The present state

The epidemic of ransomware continued to terrorize the people across the globe. Be it schools, universities, hospitals, police departments, government agencies, and everyday citizens—nothing and no one was assumed safe.

In 2016, threat actors behind SamSam ransomware stole $6 million from unsuspecting victims across the globe. A year later, NotPetya swept across the world which caused more than $10 billion in total damages, according to the White House. In 2017, WannaCry infected more than 230,000 computers in 150 countries around the world.

In 2019, ransomware attacks have emerged as a prime source of revenue for cybercriminals. Top ransomware recorded this year include Bad Rabbit, Dharma, Grand Crab, Jigsaw, Ruk, Rapid, Toldesh, etc., that mostly targets businesses, MSPs, and government agencies.

Cyware Publisher