Red Hot Cyber


What was the first ransomware in history? Discovering Trojan AIDS

Redazione RHC : 9 July 2025 11:49

On Red Hot Cyber we often talk about ransomware and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”?

Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America.

The first ransomware in history

While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed via a 5.25-inch floppy disk.

Eddy Willems worked for an insurance company in Belgium in December 1989 when he inserted the floppy disk into his computer. The disk was one of 20,000 mailed to attendees at a World Health Organization (WHO) AIDS conference in Stockholm, and Willems’s boss had asked him to check what was inside.

Willems expected to see medical research on the disk. Instead, he became the first victim of a ransomware attack in history, about 30 years before the Colonial Pipeline ransomware attack. A few days after inserting the disk, Willems’s computer crashed and a message appeared asking him to send $189 in an envelope to a post office box in Panama.

It was “AIDS Trojan,” the first ransomware in history. “I didn’t pay the ransom or lose any data because I figured out how to fix it.” He was one of the lucky ones: some people lost their jobs or their businesses.

Eddy Willems with his original ransomware floppy disk from 1989

“I started getting calls from medical institutions and organizations. They were asking how I could get around it,” said Willems, who is now a computer security expert at G Data, which developed the world’s first commercial antivirus solution in 1987. “The incident caused a lot of damage back then. People lost a lot of their jobs. It wasn’t a minor thing, it was a major thing, even back then.”

An image of Joseph Popp

The work of Joseph Popp, a former Harvard professor

But who was the diabolical mind behind this possessed floppy disk?

The floppy disks were in fact sent to addresses around the world obtained from a mailing list. Law enforcement traced the effort to a mailbox owned by a Harvard-educated evolutionary biologist named Joseph Popp, who was conducting AIDS research at the time.

He was arrested and charged with multiple counts of blackmail, and is credited with inventing ransomware. “Even today, no one really knows why he did it,” Willems said, emphasizing how expensive and time-consuming it was to mail that mountain of floppy disks to so many people.

“He was attracted to something. Maybe someone else was involved. As a biologist, how did he get all the money to pay for 20,000 disks? Was he angry about the research? Nobody knows.” Some reports indicate that Popp had been rejected by the WHO for a job opportunity.

The Arrest of Joseph Popp and the Trial That Never Happened

After his arrest at Amsterdam’s Schiphol Airport, Popp was sent back to the United States and imprisoned. He allegedly told authorities that he planned to donate the ransom money to AIDS research. His lawyers also argued that he was unfit to stand trial; according to journalist Alina Simone, he wore condoms over his nose and curlers in his beard to show he was unwell. (A judge ruled in his favor.) Popp died in 2007.

The primordial “ransom note” that was displayed by Trojan AIDS

The case has become a major point of discussion, and the legacy of the crime persists today. The U.S. Department of Justice recently stated that 2020 was “the worst year to date for ransomware attacks,” and 2021 will be even worse. Meanwhile, we’re heading toward 2025, where it appears the ransomware phenomenon shows no signs of abating.

Security experts believe ransomware attacks against businesses and individuals will continue to grow because they are easy to execute, difficult to trace, and victims can be exploited for a lot of money.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
