Dr. Joseph Popp is known as the father of ransomware. By profession an evolutionary biologist, primatologist and anthropologist from Harvard, he collaborated in the fight against AIDS and was a WHO consultant in Kenya. But his role in this story is to have programmed and distributed, in 1989, a Trojan called PC Cyborg or AIDS. It came on a floppy disk, activated after the computer had been turned on 90 times, demanded a payment of 189 dollars at the time, and is the first ransomware in history.
Ransomware is among the top five cybersecurity threats. It has become an ally of those who want to get easy money illegally on the internet. In the first half of 2021 alone there were more than 1,000 successful attacks of this type, the same number as in all of 2020. These attacks involved all types of companies and organizations in more than 60 countries. In Spain, during 2021, well-known names such as the Public State Employment Service, Glovo, Phone House and MediaMarkt suffered ransomware attacks.
More than 30 years have passed between 1989 and today. Joseph Popp planted the seed of one of today's most widespread cybersecurity attacks. The internet, cryptocurrencies and organized crime have made it possible for anyone to walk into a forum, buy ransomware and spread it via email or scam pages. The most likely victims are companies of all kinds, public bodies such as town halls or libraries, and public services such as hospitals or universities. The purpose is to obtain money through extortion. If you open the infected link or file, the ransomware is installed and spreads throughout the internal network. The result is dozens of locked computers or millions of encrypted and inaccessible files unless you pay the ransom, usually in Bitcoin.
The creation of the first ransomware
As we said, it all started in 1989. That year, Joseph Popp sent 20,000 diskettes to AIDS researchers and experts in more than 90 countries. All of them had gathered in Stockholm at an international conference on AIDS organized by the World Health Organization. Joseph Popp himself was doing research on AIDS. He was an evolutionary biologist and anthropologist from Harvard University, collaborated with the Flying Doctors association, which worked in Africa, and was even a consultant to the WHO in Kenya, one of the countries most affected by AIDS.
The diskettes distributed by Dr. Joseph Popp were labeled “AIDS Information – Introductory Diskettes.” In theory, they contained a questionnaire that estimated a person’s risk of contracting AIDS based on the answers given. But the reality was quite different. Those floppy disks contained a Trojan horse known as PC Cyborg or AIDS, a name that also serves as an acronym for AIDS Info Disk. This Trojan affected computers running the DOS operating system. It replaced the AUTOEXEC.BAT file and counted how many times the computer was turned on. After 90 starts, the Trojan hid folders and encrypted files on the main drive. To regain access to the hijacked files and folders, the victim had to pay US$189 to a post office box in Panama. The first ransomware was born.
As a curiosity, when the Trojan was activated, a message appeared on the screen. It said, in essence, that you had to pay for software you had installed, owned by PC Cyborg Corporation. Hence the name of this Trojan. The price to pay was $189 plus an additional $378 to regain access to your encrypted files. The payment method could be a check, bank draft, or money order made out to the aforementioned company. To make matters worse, it asked the victim to include name, company, address, city, country and/or postal code. Finally, the address it gave was a post office box located in Panama.
A Trojan that infects a computer and encrypts files, and a demand for payment in exchange for regaining access to them: these are the ingredients that make ransomware possible. But at a time when the internet was in its infancy and the payment method was a money order, this type of cybersecurity attack was not widespread. Interestingly, payment through Western Union, the method used by Russian and Ukrainian hackers who extorted companies and individuals during the 1990s and 2000s, did not popularize it either.
Further analysis of the AIDS or PC Cyborg Trojan indicated that it did not encrypt files. What it did was encrypt the extensions and names of the files so that they were not accessible. The first ransomware used symmetric cryptography. And, as is the case today with every new type of ransomware, after a while remedies emerged that allowed the affected content to be decrypted. AIDSOUT was one of them. It removed the Trojan from the computer. CLEARAID, for its part, recovered the encrypted plaintext. That is, it decrypted the affected content so that the ransom did not have to be paid.
What happened to Joseph Popp?
Being the father of ransomware is a dubious honor. And there is no prize. His suspicious behavior in the weeks after spreading the Trojan led the FBI to investigate him and, finally, he was arrested while at his parents’ house in Ohio, United States. From there he was extradited to the UK, where charges had been filed against him. According to the press at the time, years of work in AIDS research were lost because of the Trojan. In any event, Popp was charged with eleven counts of racketeering and extortion. In his defense, he argued that the money obtained was intended for that same AIDS research.
We do not know why Joseph Popp created PC Cyborg, the first ransomware in history. Did he really want to raise money to find a cure for AIDS? Was it an experiment for something bigger? Or a way to get revenge because he had been rejected for a job at the WHO? Before the judge, his strategy was to plead mental problems. And his behavior during the trial supported this argument. Finally, in November 1991, the judge ruled that he could not stand trial.
Back in the United States, Dr. Joseph Popp continued his career as an evolutionary biologist and primatologist. He even wrote the odd self-published book on primates and humans. Popp passed away in 2007 at the age of 55. He left unfinished a memoir about his travels to Africa as a researcher. As a legacy, in Oneonta, New York, we can find The Joseph L. Popp, Jr. Butterfly Conservatory, a 279-square-meter butterfly sanctuary.
The juicy business of ransomware
Ransomware met the same fate as DDoS attacks, which had a vindictive origin but have become an online extortion tool. The first attack of this type, the first ransomware, was born in 1989, whether for profit or as a method of personal revenge. In 1996, cryptography experts Adam Young and Moti Yung analyzed the PC Cyborg Trojan and introduced concepts such as public key or asymmetric cryptography, as opposed to the symmetric cryptography of the Trojan created by Joseph Popp. They also theorized about cryptovirology, that is, the use of cryptography as a weapon in combination with viruses and other malware.
But it wasn’t until 2005 that variants of ransomware as we know them today began to emerge. By 2010 there were 10,000 copies of ransomware. That same year Bitcoin emerged, the perfect tool for making ransomware extortion payments. In 2013 extortion demands arose asking for payments of up to 200 US dollars. By then there were more than 100,000 ransomware copies on the online market. And then there is 2014. That year CryptoLocker appeared, one of the most profitable ransomware families. In just 100 days, those who used it earned $30 million. Later came other families that were just as dangerous or more so, such as WannaCry or NotPetya.
Today, ransomware is sold on internet forums as a service, customer support and all. You do not need computer skills. You buy the ransomware you want, you choose the victims, and those responsible for it take care of everything, since they have their own infrastructure. Experts call it ransomware as a service. It is easy money that takes advantage of companies and public bodies with obsolete computers or without security policies. The good news is that there are ways to protect yourself against ransomware, but they require acquiring certain habits.