View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 23, 2018

The History of Ransomware

Ransomware was born in 1989 but it poses the greatest threat it ever has today in 2018.

By Tom Ball

Here we are in 2018, still trapped in the merciless clutches of a cyber storm, a threat landscape that is presenting a constant deluge of dangerous and adapting attacks. While ransomware is one of the oldest forms of cyberattack, today it remains among the topmost threats we are set to face this year.

We have peered back into the mists of time to remind ourselves of the progress of ransomware, pointing out the major developments that made it the supreme threat it is today. While laying dorment for a while, ransomware burst back onto the scene with ferocity and it has only continued to evolve to be more damaging and profitable to its users.

Ransomware is not only reserved for those fabled hackers who lurk hooded in dark corners, it is now widely available in pre-packaged forms, accompanied by 24 hour support hotlines to help you deliver your attack with greatest efficiency. Read on to find out just how we ended up facing such a deadly predator.

1989: The birth of ransomware

In 1989 ransomware reared its head, embarking on a reign of cyber terror during which it would eventually grow more deadly than ever previously imagined.

You would not be blamed for being surprised by the early date of the first recorded instance of ransomware, as it makes the malicious form of cyber attack even older than the internet itself. It became known as the 1989 AIDS Trojan, also gaining the name PS Cyborg,

The History of Ransomware

The World Health Organization’s international AIDS conference was the target, with the attack having been initiated by Joseph L. Popp, a biologist who had been trained at Harvard. Popp carried out the attack by issuing 20,000 infected floppy disks.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

As you might imagine, the impact was severe. Files were encrypted by the malicious software, forcing users to have to stump up $189 to regain access. The perpetrator was caught and decryption tools were used to recover the locked information, but this simple structure would go on to be used time and time again as the years went by.

2006: Archiveus Trojan

Following the 1989 incident, serpent-like the threat slithered into hiding for a time, with technology not yet sufficient for the attack to be delivered and carried out like it is today.

The History of Ransomware

In 2006 ransomware emerged from hiding and had been transformed into an altogether more sophisticated and formidable cyberattack. The Archiveus Trojan worked by encrypting everything it found in the “My Documents” section, users would then be guided to make purchases on certain websites to regain freedom. RSA encryption was used, making the process much more difficult to escape from.

The year prior to this big ransomware development, an article called “Files for Ransom” was written by a Susan Schaibly, confirming the reality of what cyber criminals could do with this early form of cyberattack.

2008: Bitcoin

When Bitcoin was introduced to the world a torrent of fuel was poured onto what was already a worsening fire. Cyber criminals now had the ability to launch an attack and demand a ransom of digital currency, extracting the need to include a form of transaction for traditional currency.

Unsurprisingly there was a vertical spike in attacks following this development and it was followed by another one in 2009 when the bitcoin open-course software came to light, spreading the technology far and wide.

The History of Ransomware

While this was going on, a popular way of delivering ransomware attacks was by faking antivirus programs. Users were preyed upon by programs that imitated antivirus software that would demand money to fix problems that had either been fabricated or exaggerated.

The only sign of this relationship between bitcoin and hackers souring came from the recent collapse in price, with the fluctuations even putting off malicious threat actors from seeking to steal it from their victims.

2011: A new variant

This next development in the history of ransomware meant that attackers no longer needed to encrypt the hijacked files, instead a fake Windows Product Activation screen, forcing users to call a number in search of an activation code at an international premium rate.

With hackers constantly working on new methods of attack, it was not long before yet another scheme was developed to best capture unsuspecting victims. In 2012 a new trojan called Reveton was developed, this had perhaps the most widespread impact so far as it spread across Europe.

Fintech investment fund introduced by BNP Paribas
Malicious botnets responsible for 40% of global login attempts
AWS clients alerted to security risks by researchers

Applying a new and sinister approach, both technically and psychologically, this trojan caused a screen to appear that locked users out from using their computers. They were faced with a screen made to look as though it was backed by the authorities, stating that the user had engaged in illegal activities and had to pay a fine. A clip of webcam footage was even included in many cases.

2013 to today: The ransomware we fear today

2013 ushered in the arrival of Cryptolocker, an attack that would give those infected a strict 72 hours to pay $400 in Bitcoin or else their encrypted files would be erased without mercy.

While previous attacks had been affecting more and more targets progressively, Cryptolocker stole the show and hit half a million computers. This huge impact is believed to have raked in in the region of $27 million for the attackers, a figure that is on par with the kind of damage done today.

The History of RansomwareAs the problem became global and impossible to ignore, a rallying cry to action came in the form of Operation Tovar, a plan to take the fight to the attackers and reduce the rampant onslaught. Hackers were caught and sentenced as the world turned a corner into the period we now inhabit, where cybersecurity is a global crisis affecting everyone.

Last year, in 2017, the world faced yet another new level of damage caused by ransomware attacks. The notorious WannaCry attack set a new precedent, dwarfing the scale of any attacks previously experienced in the history of this attack type. Over 200,000 networks in 150 countries were reached by the attack, major organisations including the NHS in the United Kingdom were completely debilitated, to a point at which it was though human lives could have been endangered. Ransomware continues to be among the top threats the world is expected to face in 2018, as the world traverses an ever more perilous threat landscape.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.