Who Invented Ransomware And Why Is It A Business Threat?
All computer malware is potentially damaging to a business because it destroys, steals or disrupts access to data. This is why threat detection and security software are a fundamental part of many IT support packages.
On top of this are the potential legal ramifications of a data breach, which could lead to gigantic fines and sanctions depending on the scale and nature of the breach.
Some virus attacks are indiscriminate and are based on self-selection with an approach similar to an advance-fee scam.
However, as the general public becomes more aware of common malware attacks and the devices they use have some degree of protection pre-installed, malware has become more targeted with a focus on getting the greatest return.
The clearest example of this approach is ransomware, a type of malware attack where data is typically encrypted or access to a computer network is blocked unless the user pays a fee.
One of the most famous of these was WannaCry, which, according to the BBC, affected business and public sector organisations in 99 countries, including the National Health Service.
Much of this approach was already present in the first-ever ransomware attack, which targeted researchers who were working on HIV/AIDS treatments, but which also provided some universal lessons to help protect businesses.
The Malevolent Information Disk
The PC Cyborg Trojan (also known as AIDS Info Drive) was the first ever documented case of a ransomware virus, one that was so early that its method of distribution was not the internet but a mailing list and an information disk with a somewhat unusual end user license agreement.
The virus, designed for DOS in an era when it was the dominant operating system for businesses, initially appeared to be an innocuous and relatively informative primer on what was known about HIV in 1989, but it also installed a counter that registered the number of boots.
Once the counter reached 90 boots, the screen displayed a red warning message demanding that the user pay PC Cyborg Corporation, via a PO box in Panama, to “lease” the software.
According to the contemporary press, there were debates among solicitors regarding whether this might have been technically legal based on United States law at the time, although this turned out to be irrelevant.
To ensure that people paid the lease/ransom money, it also encrypted the names of every file on the main hard disk drive, including system files required for the computer to function properly.
Many AIDS researchers who owned or used affected computers simply chose to wipe their hard drives instead, potentially eliminating vital research work in the process. Allegedly, one health organisation based in Italy lost a decade of research data dating to the very start of the outbreak as a result.
Whilst many ransomware attacks are focused purely on money, the motivations of the writer of the PC Cyborg Trojan are somewhat less clear.
Ransom Or Revenge?
The virus was created by Dr Joseph Popp, an evolutionary biologist who did research work in Kenya during the apex of the HIV pandemic.
People who used the information diskette and the questionnaire noted that whilst it was at times badly worded and repetitive, the information included was not necessarily wrong, which suggested an author who was at least up to date with HIV research at the time.
This, alongside the rather untidy code and the fact that the encryption was very easily broken and reversed, suggested that the perpetrator was someone knowledgeable about biology but less confident with code.
The method of attack was remarkably intensive; some have suggested that posting 20,000 physical floppy disks and incorporating a shell company in Panama would have cost as much as £10,000.
Whilst it would have taken just a few dozen people paying the ransom for him to make his money back, it was a lot of investment for a targeted attack.
Dr Popp was rejected by the World Health Organisation when he applied for a job relating to HIV research, so revenge has been suggested as a possible motive. He had also claimed that he would donate the proceeds to AIDS research, which has lent credence to this theory.
When Dr Popp was arrested in Amsterdam after acting particularly suspiciously on a flight, he was taken to the UK to stand trial for blackmail; the Computer Misuse Act had not yet made it into law when he was standing trial.
Ultimately, he was declared not mentally fit to stand trial and was released, after which he opened a butterfly conservatory in New York before passing away in 2007.