Today’s ransomware is the scourge of many organizations. But where did it start?
If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted file(name)s and asked for a ransom, it was far from effective.
The AIDS Trojan was sent by snail mail on a floppy disk to participants of a WHO conference about HIV. It reached about 20,000 people and medical institutions. On the infected system it added itself to autoexec.bat and waited for 90 reboots before starting an encryption routine of all the files on the C: drive, hid directories, and displayed a ransom note. The ransom note instructed the victim to mail at least $189 to a PO Box in Panama. Not many victims did this, and the symmetric encryption was relatively easy to crack.