A Brief History of Ransomware

Ransomware is a common way for cyber criminals to extort money from people. Generally speaking, the malicious software is designed to block access to devices. Data can be put on “hold”, meaning the victim can no longer access it. Whether it is personal data, photo albums or other files, access is blocked until the victim pays a certain amount of money. Ransomware has evolved from letters in the mail to simple texts or emails on many people’s digital devices.

One of the first ransomware attacks occurred in 1989, when around 20,000 people received a letter in their mailbox from PC Cyborg Corp. Attached were a floppy disk and an information leaflet. PC Cyborg Corp was a fake organization created by evolutionary biologist Dr. Joseph L. Popp. At the time he was researching AIDS but was denied a position at the World Health Organization. This may be one of the reasons why his targets were predominantly WHO subscribers. The leaflet attached to the letter was much like an instruction manual. It explained that the diskette contained an interactive program for learning about AIDS, and how to run the program. The diskette contained two files, one being the virus. The virus encrypted the file extensions on the victim's machine, making the files impossible to use. After this, a ransom note would appear demanding money for the decryption.

Popp’s ransom attack had some significant flaws. First, the virus used symmetrical encryption, i.e. encryption and decryption were performed with one key, which could be extracted from the virus itself. Secondly, his attack was quite expensive: he had to buy around 20k diskettes, which cost around $100,000. He also had to pay for international postal delivery, which cost around $15,000. In the end, Popp didn’t even make a profit, and many medical researchers had to wipe their locked computers. The loss of data was tremendous.

Throughout the 90s people began to refine ransomware. The first two refinements addressed the fact that Popp’s attack was risky. Adam Young and Moti Yung were two computer scientists who came up with the idea of using asymmetrical cryptography. This type of virus uses two keys, one of which is a public key that the virus contains and uses to perform the encryption. The second key is private; it is owned by the virus’s creator and is used for decryption. They presented their findings at the 1996 IEEE Symposium on Security and Privacy and later published them in the Proceedings of the Symposium. Young and Yung’s findings were purely theoretical, as they were trying to find out whether the weaknesses of Popp’s AIDS virus could be overcome. Their paper acted as a warning to others about the possibility of a virus that is impossible to crack.

The second flaw of Popp’s attack was that securing a payment wasn’t guaranteed. He had to rely on the bank to extort money from his victims, which left him quite vulnerable. Around the same time as Young and Yung’s idea, cryptocurrency began to emerge, which they said could become an effective method of extortion. E-commerce didn’t become popular until the release of Bitcoin. But crypto wallets have now become a safe place for criminals to conduct monetary operations while avoiding any trouble with the authorities.

A significant refinement ransomware went through during the 90s was its delivery method. That solution came in 2000, when 24-year-old Onel de Guzman sent out phishing emails to steal Internet access credentials. The emails strategically played on the modern fascination with romantic love. The subject line “ILOVEYOU” and a downloadable attached file, “LOVE-LETTER-FOR-YOU.TXT.vbs”, painted a picture of happiness and thrill that was hard to say no to. The “love” virus caused an estimated $8.7B in global damages. While it wasn’t the first ransomware to be sent out through phishing emails, it was the first one to reach such a Guzman’s perfectly executed social engineering played a big role in why the virus spread so well.

Throughout the 2000s ransomware became more and more common, mainly because the internet was growing exponentially. With over 2B users by 2010, many criminals started experimenting with ransomware as a side gig. Today, ransomware viruses are all over the place, hidden in email attachments or in links on websites. It is important to always double-check links and attachments, especially those arriving in texts or emails. One clear sign of a potential threat is an unknown email address or phone number. Such messages are normally disguised as coming from the services or products that big companies sell (Apple, any bank, telecommunication companies). It is important to question the authenticity of potential threats in order to protect sensitive data.

Source: Spin.ai
