Thirty-five years ago, as December 1989 turned into January 1990, the then-largest ever cybercrime investigation was launched in response to the world’s first known example of ransomware. This first ransomware payload was secreted on a 5.25-inch floppy disk titled “AIDS Information — Introductory Diskette 2.0” [h/t Heise.de]. The pioneering ransomware was developed by one American biologist, Dr. Joseph Lewis Andrew Popp Jr., and about 20.000 copies were distributed to subscribers of the magazine PC Business World, various mailing lists, and even to World Health Organization delegates during a conference on AIDS.
As one may be able to deduce by the years and names being thrown around, this attack’s choice of target was highly intelligent and the method of delivery exploited people’s existing fears of a terrifying new biological virus at a time when knowledge of regular computer viruses was at an all-time low — much less an all-new form of malware meant to extort its victims.
Compared to modern-day attacks, Dr. Popp’s rendition of ransomware is a little bit sloppy. Only file names, not the files themselves, were encrypted by this ransomware. Thanks to this, effective software countermeasures (“AIDSOUT” to remove it and “AIDSCLEAR” to check for hidden directories combined into “CLEARAID”) were developed by John Sutcliffe and Jim Bates to rescue impacted parties. Unfortunately, several parties still experienced severe financial damages and data loss thanks to the “AIDS Information” ransomware, including an Italian health organization that lost a whopping 10 years of research to the attack.
Interestingly, ransomware pioneer Dr. Popp Jr. wasn’t just the most effective cybercriminal in history at this point in time… he also seemed to be at least a little bit crazy. Following several arrests and extraditions, it was concluded that the then-41-year-old Dr. was “mentally unfit to stand trial” by a London psychiatrist, and prior to the trial, had been witnessed wearing condoms on his nose, carrying a cardboard box, and other extremely odd behaviors that diverted him from prison to London’s Mausley Hospital.
Now, here in the far future from these events, there is some salt required. After all, this was a very complex and targeted attack to be executed by someone who supposedly didn’t have their mental faculties in check. Even the cost of distributing the attack was estimated at around £10,000 British pounds — or about £31,794.86 or roughly $38,600 USD today. There was also the cost of registering “PC Cyborg” and its accompanying accounts in Panama, as well as renting housing in London. However, the ransom demands meant that even just 1% of victims paying the fee would grant a handsome return.
0 Comments