Geek Trivia: The First Ransomware Masqueraded As A?


The Explanation


Answer: Medical Survey

Ransomware is a type of malware. The setup for ransomware is pretty straightforward: after the payload executes on a computer, the contents of the computer are encrypted or the computer is locked down until the victim, held for ransom, pays up.

Today, ransomware is incredibly sophisticated: the victim's entire hard drive can be encrypted before they even realize it, and their only options are then to pay up to get the decryption key or write all their data off as a loss (with, hopefully, some offline backups to restore their machine from).

The first known example of ransomware, however, wasn’t nearly so sophisticated. In 1989, evolutionary biologist Dr. Joseph Popp wrote a simple Trojan disguised as a tool for learning about the AIDS epidemic and taking a medical survey to assess your risk. If you’re wondering why exactly a biologist (and an esteemed one at that) was moonlighting as a black hat hacker and writing malware, Dr. Popp had, leading up to his computer hijinks, a mental breakdown that left him behaving very erratically—he claimed that the motivation for creating the program was to raise money for AIDS research.

The program was originally distributed to a mailing list that Dr. Popp belonged to, but it also ended up on one of those free software disks that used to come with many popular computer magazines, and thousands of people were affected by it. After you ran the program and took the interactive survey about AIDS, it waited for you to reboot your computer 90 times and then it rewrote the names of all the files on your computer (but did not encrypt them).

Despite the infection, however, victims didn’t have to pay up, although many of them did pay the $189 Popp demanded. The malware was so poorly designed that not only was your data not encrypted, you could, albeit laboriously, simply rename all your files to undo the damage. A much easier way to restore affected systems became available once the extension and file name encryption tables were known thanks to two removal programs, AIDSOUT and CLEARAID, created by Jim Bates.

A proof-of-concept ransomware that utilized more robust encryption didn’t appear until the 1990s, when computer researchers Adam Young and Moti Yung created the first ransomware that used public key cryptography (so it was not possible for the victim to reverse engineer the code and decrypt their computer). Despite the proof-of-concept, however, such ransomware didn’t become common until the mid-2000s.