The History of Ransomware

Imagine that cybercriminals have seized your data and won’t release it until you pay a substantial sum. In this scenario, you have become a victim of ransomware. Falling victim to this popular form of malware is every business’s worst nightmare. Read on to learn more about the history of ransomware and the state of this cybercrime epidemic today.

The First Ransomware


AIDS researcher Joseph Popp, Ph.D., orchestrated the first documented ransomware attack in 1989. He distributed 20,000 floppy disks to fellow AIDS researchers in more than 90 countries. The disks seemed to contain a questionnaire for assessing a user’s risk of contracting the AIDS virus. However, once the user’s computer had been powered on 90 times, the ransomware activated, hiding files on the victim’s computer and demanding a $189 fee to repair the problem. This pioneering attack was dubbed the AIDS Trojan.

Ransomware Through the Years

The first ransomware attack inspired other cybercriminals to launch similar attacks using programs they coded themselves. However, attacks were relatively rare until the internet became mainstream in the early 2000s. The rise of online technology made distributing ransomware to targets around the world much easier.

Email became the delivery method of choice for ransomware developers. Phishing email blasts sent to a large number of recipients worked well until increasingly smart spam filters began filtering them out. This forced cybercriminals to develop targeted spear-phishing campaigns to outsmart that technology.

Encryption Changes the Game

As delivery became easier, the ransomware itself became more sophisticated. By the mid-2000s, increasingly complex encryption algorithms, such as RSA encryption, with increasingly larger key sizes, made identifying and cracking ransomware such as Krotten, Gpcode, and Archiveus virtually impossible. These attacks also looked incredibly convincing. A 2011 ransomware worm that locked PCs and displayed an imitation Windows Product Activation notice was the world’s first large-scale ransomware attack.

In 2013, the game-changing CryptoLocker was released. Targeting businesses, it spread quickly through downloads from compromised websites and email attachments made to look like customer complaints. This ransomware used state-of-the-art asymmetric key cryptography to encrypt user files and hold them until the victims surrendered hundreds of dollars for the key needed to decrypt them. If they didn’t do so within a set time period, their data was destroyed.

Ransomware Today

Last year, 5,948,417 ransomware cases were reported. While this is down slightly from 2017 figures, that’s no reason to become complacent. While attacks on individual users fell, attacks on businesses increased.

Modern cybercriminals are increasingly unlikely to target businesses with ransomware programs they’ve written themselves. Instead, they rely on more sophisticated off-the-shelf libraries that are much tougher to crack. With these tools available, modern cybercriminals don’t need to have the technical skills of ransomware pioneers. Tech-savvy cybercriminals are making money selling these ransomware-as-a-service programs rather than orchestrating their own attacks. CryptoWall, one of the best-known ransomware brands, has made its creators more than $320 million.

From humble beginnings, ransomware has evolved to become more sophisticated over time. While modern ransomware is a substantial threat to businesses of all sizes, putting the right strategies in place can help minimize your organization’s risk of becoming a victim.
