The strange history of ransomware

May 17, 2017

By Alina Simone

WannaCry, the latest extortionate malware to seize hard drives from Beijing to Boise, may seem like the product of the Mr. Robot writer’s room. But as viruses go, ransomware is actually an antique.

The first ransomware virus was unleashed in 1989 — pre-dating the Internet and email as we know it — and distributed on floppy disk by the post office.

The culprit? Joseph L. Popp, an American evolutionary biologist with a Ph.D. from Harvard. The 20,000 disks Popp sent out to health researchers around the world that year masqueraded as a survey designed to test one’s risk of contracting AIDS. But after a fixed number of reboots, the virus locked the computer. Users were instructed to turn on their printers, from which a ransom note soon emerged, demanding a $189 “licensing fee” in exchange for a decryption key.

Victims were instructed to send the ransom to a P.O. box in Panama — the 20th century equivalent to Bitcoin.

Popp’s virus terrified the medical establishment — there were newspaper reports of laboratories destroying 10 years of research upon learning their drives had been infected — however the virus turned out to be crude and ineffective. Free decryption software was quickly made available to the victims.

When the FBI finally tracked down Popp at his parent’s home in Ohio, it was clear that he was no mafia don. His behavior was so eccentric (while waiting to stand trial, he took to putting curlers in his beard “to ward off the threat of radiation”) that he was ultimately judged unfit to stand trial. Popp wasn’t motivated by money, but rather anger at the World Health Organization for a variety of reasons (some say the WHO had snubbed him for a job, others say he was a critic of their AIDS education policies). And while Popp was truly unique as cyber-villians go, it turns out that most early virus makers weren’t in for the money either.

Last year, Finnish computer security guru Mikko Hyppönen created the Malware Museum, an online kunstkammer for vintage viruses.

Shortly after the museum launched, Hyppönen explained, “How the profile of the average cybercriminal has evolved. We’ve seen huge technical changes in the types of attacks we see and the malware we analyze, but we’ve seen even larger changes in who we’re fighting," he continued. "Basically, all the samples we have in Malware Museum were written by teenage boys and their motive was fun. They did not get money. They did not get famous. They just did it because they could. The hobbyists were actually competing with one another to see whose virus spreads worldwide fastest, and who makes the biggest headlines. Some were destructive, but they were destructive for no reason at all.”

It was only within the past 15 years, according to Hyppönen, that the hobbyist hackers were replaced by criminals seeking to weaponize viruses like ransomware. Today ransomware is nearly a billion-dollar-a-year business.

After being set free, Popp resumed his colorful career and established a butterfly conservancy in upstate New York, which exists to this day. But viruses like WannaCry are surely his most important legacy.