By Franklin Aguilar and Chris David
You may have heard about a type of virus, or malware, that once on your computer will seek out and encrypt all your important files, your pictures and documents. Everything! And in order to get your files back, you’ll have to pay up. This special type of malware is known as “ransomware”.
Ransomware has recently earned infamy and scorn among the IT community, governments and businesses alike. And some companies have been forced to pay hundreds of thousands of dollars to get their files back. But this special type of malware is not new.
Was ransomware the brainchild of some brilliant computer hacker? A criminal mastermind? Not exactly. Ransomware has a long and bizarre history going back to the late 1980s.
Harvard-educated evolutionary biologist Dr. Joseph L. Popp spent over 15 years studying baboons in East Africa. He opened a butterfly conservation center in New York, and he also conducted AIDS research as a consultant with the World Health Organization.
In 1989, at the World Health Organization international AIDS conference in Stockholm, Dr. Popp gave out some 20,000 floppy disks to scientists and researches attending the event. Popp also distributed the disks via postal service. The free floppy disks contained AIDS education software, scientific studies and logs, and also offered a program that would measure a person’s risk of contracting the AIDS virus based on an interactive survey.
But the free software was hiding an unpleasant surprise.
Once installed to the computer, the software would deploy a virus that would keep track of how many times the computer was rebooted. When the computer was rebooted 90 times, the virus encrypted all files on the hard drive, locking the drive and making the system unusable. Then the virus would display the image of a handwritten ransom note, instructing the user to print the note and send a “licensing fee” of $189 to a Panamanian PO Box. Only by paying this fee, would the victim receive a software tool to decrypt their files.
Victims went into panic mode. One AIDS research organization in Italy lost ten years of work. Another group reported that they lost years of work that could have led to a cure. Eventually, evidence was found linking Dr. Popp to the PO Box in Panama, and the doctor was arrested by the FBI at his parents’ home in Ohio. Many entities and large companies sued Dr. Popp, but at the time, there were no specific law that could apply to cybercrime. He was extradited to Britain on counts of blackmail and criminal damage, where he stood trial.
But things got more bizarre during Popp’s trial. Leading up to and during his trial, the doctor exhibited strange behavior, including wearing a condom on his nose and a cardboard box on his head. He also put curlers in his beard, saying that the curlers would deflect radiation. In November 1991, the judge ruled that Dr. Popp was unfit to stand trial.
Dr. Popp, the alleged creator of the first ransomware virus, was set free.
Was the doctor really insane? What could have led him to create this virus? Based on evidence from Popp’s digital diary, some believed that the doctor was planning his crimes for more than a year and half. Another report stated that Popp planned on distributing an additional two million disks with the software. His lawyer claimed that Popp planned on donating the ransomware profits to alternative AIDS research, since he was rejected for a job at the WHO.
Doctor Popp died in 2007, so we’ll never know his true motives. But the release of that first ransomware led to advancements in public-key cryptography and has inspired increasingly sophisticated ransomware versions, such as Cryptolocker.
The origins of this class of virus are strange for sure, and this story will remind us to practice good computer security practices. Most importantly… keep your files backed up and know what programs you are installing on your computer!