Ransomware is not new. In fact, the first cyber ransomware attack was released in December of 1989. Dr. Joseph V. Popp mailed out 20,000 floppy disks infected with the AIDS Information Trojan. The program purported to be an expert system to advise you about your risk of contracting HIV and AIDS, but after you’d run it 90 times, it scrambled your hard disk.
Those of us around at the time will remember that back in 1989 everyone switched off their computer at the end of the day, so the 90th reboot generally took place four to five months after first running the program. The user was then presented with a ransom note demanding US$189 – for one year’s use of the program – or $378 for lifetime use. Payment was via a Bankers Draft to a company in Panama.
The idea of sending payment via a Bankers Draft to Panama was a non-starter. As a result, the enterprise failed to generate any revenue, and instead landed him with a court appearance.
There are three main hurdles that cyber criminals need to overcome to effect a successful ransomware attack: getting the ransomware onto the victim’s devices; encrypting and decrypting the files; and receiving the payment.
While Dr. Popp had identified an effective, although not really scalable, approach to get his threat onto the victims’ devices (he had to write those 20,000 floppy discs manually), he fell down with the encryption and payment parts of the process.
Unfortunately, as technology has progressed for the better, cyber criminals have also evolved and are more of a threat than ever.