
The History of Ransomware

The history of ransomware has certainly been an interesting journey. From petty crime to attacks affecting major organisations, this piece covers a detailed history of ransomware. It also showcases how individuals and organisations fought back against ransom hackers, resulting in the exceptional modern cybersecurity we have today.

With ransomware on the rise, users are constantly seeking further protection from cyber threats. Last year alone saw a 27% increase on the previous year, meaning online security is more important now than it has ever been. Read on to learn how cyber attacks have developed over the years.

The Timeline of Ransomware Attacks

Here’s a timeline of defining ransomware attacks since 1989:

  • First ransomware attack in 1989
  • 1992 – David Naccache and Sebastiaan von Solms
  • 1996 – Young and Yong
  • 2000 – Onel de Guzman
  • Mid-2000s – First ransomware viruses
  • Late-2000s – RSA commercial success
  • 2010 – Screen-locking ransomware appears
  • 2013 – Law enforcement ransomware
  • 2016 – JavaScript ransomware
  • 2018 – Big game hunting begins (BGH)

The First Ransomware Attack in 1989

The first ransomware attack occurred in 1989. 20,000 people received a package in the post containing a floppy disc and an information leaflet. This wasn’t just any old floppy disc and leaflet, however: it came from a fake organisation which went by the name of ‘PC Cyborg Corp’.

The scam was run by an evolutionary biologist named Dr. Joseph L. Popp. Having recently been denied a position at the World Health Organisation, Dr. Popp decided to seek revenge upon the subscribers of the WHO Conference (World Health Organisation Conference).

The leaflet that was received alongside the floppy disc contained information explaining that the disc contained an interactive program discussing AIDS and everything surrounding the disease. 

The disc that was sent contained two files, one holding a virus. When the unlucky individual inserted the disc, the virus would immediately take over autoexec.bat, which is the file that starts Windows on a computer. The virus was then able to encrypt all the file extensions, which rendered them impossible to use. A ransom note then appeared, instructing all those affected to pay an annual or permanent ransom of $189 or $378 respectively for the decryption.

The Attack’s Weaknesses & the Aftermath

Due to modern technological advancements, specialists have spotted numerous faults in Popp’s ransomware attack.

The aftermath of this attack carried out by the Doctor was horrific in terms of precious data loss. As the majority of the victims affected were medical researchers, this data loss was catastrophic for humanity, and the impact can still be seen in the medical space to this day. The best part is that Popp didn’t even profit from his crime: none of the medical workers paid the ransom. They just wiped their computers instead, hence the mass data loss.

1992 – David Naccache and Sebastiaan von Solms

A few years later in the vast history of ransomware, after Popp’s expensive and risky cyberattack, two more daring individuals named David Naccache and Sebastiaan von Solms attacked RSA.

This type of cryptographic attack targeted RSA systems that utilise a low public exponent.

The Attack’s Impact & Aftermath

The impact of this attack was massive, as the attack alone proved how insecure low public exponents were. At this time, many systems utilised low public exponents to increase the speed of encryption and decryption, with no idea of the vulnerable situation they would soon be facing.

The aftermath changed the evolution of ransomware, as secure padding schemes became essential. Techniques such as OAEP and PSS were adopted, which add randomness to the plaintext before encryption.

1996 – Young and Yong

Another addition to the history of ransomware involves two notable attackers who went by the names of ‘Yong’ and ‘Young’, whose work is otherwise referred to as the ‘Yong and Young attack’. These opportunistic hackers used their expertise in the early days of the Internet to exploit weak passwords and unpatched pieces of software, gaining access to unauthorised areas and affecting the military and even NASA.

The aim of these notorious British hackers appeared to be data theft and manipulation of sensitive information, exfiltrating confidential data and disrupting everyday communications.

The Attack’s Impact & Aftermath

Not only did these attacks affect major organisations and companies alike, but they also served as a stern reminder that improvements to cyber security were needed, and needed soon.

2000 – Onel de Guzman

Onel de Guzman, a young Filipino science student, found himself attempting to steal internet access in the year 2000. He did this by creating an infamous computer worm that would spread and steal internet access passwords, which he could then use for himself.

When unfortunate recipients opened the email, the script would overwrite files, steal passwords and send copies of itself to all contacts in the recipient’s email list. This attack, known as the ‘lovebug’ or ‘ILOVEYOU’ virus, is one of the earliest and most notorious attacks in the history of ransomware.

The Attack’s Impact & Aftermath

As the spread of this virus was so vast, affecting millions of people worldwide, widespread disruption was caused. Not only was there mass data loss and information theft, but the estimated financial damage caused by this virus was between 5.5 and 8.7 billion.

Onel de Guzman, however, was not prosecuted. This is because, at the time of the hack, the Philippines had no laws addressing cybercrime. However, this attack led to the enactment of the E-Commerce Act of 2000 in the Philippines, including provisions for computer-related crimes.

Mid-2000s – First Ransomware Viruses

Cyber threats were certainly ramping up in the mid-2000s, which became a pivotal point in the history of ransomware. Cyber security specialists believe that one of the main reasons for the major increase in crimes was global digitalisation, as the number of internet users went from 39.14 million in 1995 to 2 billion in 2010.

As many hackers then used custom decryption keys, the hacks were still ‘crackable’, and were regarded as ‘side gigs’ or ‘cash on the side’ for hackers, e.g. the $20 ransom for the GPcode decryptor hack which took place in 2005. These types of hacks are nothing like what is seen today.

Late-2000s – RSA Commercial Success

Cyber threats are constantly evolving, and the late 2000s were no different. Things started to change when hackers began to utilise RSA encryption and apply it to their viruses, which could be seen when GPcode was reinstated with RSA-1024 in 2010.

2010 – Screen-locking Ransomware Appears

This type of malware, known as screen-locking ransomware, restricts access to the computer or handheld device by locking the screen so the user cannot operate its features. The unfortunate user would then be told to pay a small fee, typically a few hundred pounds.

After many screen-locking ransomware attacks appeared, the industry began to adapt and upgrade its security and know-how around screen-locking ransomware, for example by ensuring all devices are updated with the latest security patches to stay ahead of the hackers.

2013 – Law Enforcement Ransomware

This type of crime, which spread rapidly in the evolution of ransomware, was a particularly scary experience for the user. Known as law enforcement ransomware, this screen-locking malware would display a message purporting to come from an authority, stating that the user had committed a certain crime and must pay a ransom immediately to unlock the device.

This just goes to show the lengths hackers will go to in order to exploit the public’s fear of legal consequences. The legal authorities had to issue statements urging users not to pay the ransoms and explaining that it was a scam. However, a lot of the damage had already been done, and the FBI and Europol doubled down on their investigations to find these hackers and bring them to justice.

2016 – JavaScript Ransomware

Another pivotal moment in the history of ransomware was the series of JavaScript ransomware attacks. These attacks relied on persuading the individual to execute a JavaScript file, which would then download and drop ransomware onto the respective system.

The hackers smartly utilised JavaScript files compressed into zip archives, which allowed them to go unnoticed by the email service. The hack resulted in a mass financial loss for individuals who gave in and paid the ransom, even though paying doesn’t always guarantee decryption. Sandboxing techniques were introduced to safely analyse suspicious scripts before they gain access to a system.

2018 – Big Game Hunting Begins (BGH)

In order to get the most out of their actions and efforts, hackers and ransomware operators alike began to move away from targeting the everyday individual. Instead, they began to move towards larger corporations and organisations, a practice known as Big Game Hunting (BGH).

This transition has been so profound within the cyber industry that Big Game Hunting was recognised as one of the leading trends affecting the e-crime ecosystem in the 2020 Global Threat Report.

The Evolution of Ransomware: Modern Trends

The evolution of ransomware continues as the years pass by. Here are some modern trends in ransomware today:

  • Double/Triple Extortion – The attacker doesn’t always encrypt the victim’s data but exfiltrates it, threatening to release personal information unless the ransom is paid.
  • RaaS (Ransomware as a Service) – Ransomware developers offer their malware to affiliates. This method lowers the barrier to entry for cyber criminals and has led to an increase in the variety of attacks over recent years.
  • Targeted Attacks – As mentioned before, hackers have moved their targets to large organisations and major companies, so that their efforts go towards a large ransom sum instead of small, easier hacks.
  • Attacks on critical infrastructure – There has been a recent rise in the number of ransomware attacks on critical infrastructure, such as hospitals and transportation systems.

Mitigate Ransomware Risks Effectively with CWSI

CWSI are leading European cyber security specialists with over a decade of experience working with some of Europe’s most security conscious organisations. Whether you need professional or managed services, we have solutions available to suit any business.

Find out more about our secure cloud and secure productivity services, take our cybersecurity assessment, or contact our team today for tailored advice on how to better protect your online space.

Frequently Asked Questions on the History of Ransomware

Who is the inventor of ransomware?

The individual who essentially ‘invented’ ransomware goes by the name of Joseph Popp. The ‘floppy disc and leaflet’ tactic was utilised to demand a ransom from the attendees of the World Health Organisation conference. This early rendition of ransomware laid the necessary groundwork for future hackers to make their mark.

What is the biggest malware attack in history?

Known as the ‘WannaCry’ ransomware attack, it is regarded as the largest malware attack in history to date. In May 2017, over 300,000 computers were affected by this malware attack in over 150 countries.

The attack targeted older versions of Microsoft Windows, encrypting files on the user’s computer and demanding a ransom payable in bitcoin. Overall, it is estimated the losses from this attack were up to 4 billion US dollars.

What was the ransomware attack in 1989?

The attack that occurred in 1989 is known as the ‘AIDS Trojan’ ransomware attack, created by Joseph Popp. This biologist used a floppy disc and an information leaflet, which posed as an educational video surrounding AIDS, to place hidden malware on the user’s device and encrypt it whilst demanding a ransom.
