The Doctor, the Hospital & the Ransomware

This article has been indexed from The Duo Blog

The insidious nature of malicious software has not been lost on any of us. Computers and networks have been dealing with malware in one form or another for decades. Though ransomware has been firmly at the forefront of people’s minds in recent weeks, the first documented instance of what we now know as ransomware dates back to Dr. Joseph Popp in 1989. This raises the question: why is ransomware in such clear focus now?

Honestly? Because we’ve all had enough of it. 

When Popp’s AIDS ransomware was released, it didn’t rely on an internet connection, nor did it have the benefit of Satoshi’s brainchild (which was still years away). It would install from a CD onto the hard drive, where it would overwrite the AUTOEXEC.BAT file and wait until the system had rebooted 90 times. Next, it would encrypt files on the victim’s system and deny access until they sent a $189 payment to a post office box in Panama.

Bait CDs were then distributed at the World Health Organization’s AIDS conference. From there the malware found its way onto multiple systems. Now, extortion is nothing new. According to James Lindgren’s paper, “The Theory, History, and Practice of the Bribery-Extortion Distinction,” extortion has been used for manipulation and profit since the 1200s. But the act of doing so in a digital medium was indeed novel at this point in history. 

Back in 1989, there was the maddening aspect of having to produce and send out CDs via the postal service. Apparently, Popp’s plans included a proposed further distribution to an additional 2 million potential targets. At that volume, the production and distribution costs alone would have been staggering, hence the (then) high cost of $189 to the victim.

Today, an attacker only needs to upload code to a file share and send out a link, and they’re off to the races. Costs for the criminal element have dropped. Ease of distribution has skyrocketed, and collecting extortion payments has become very simple. 

So simple, in fact, that anyone can get in on the action. Sometimes this happens with extremely unfortunate consequences. For example, The Doctor, the Hospital & the Ransomware