If you’ve been following my posts so far this year, you will not fail to notice that many of them have been on the subject of ransomware – unfortunately, this is because ransomware gets results.
Criminals will use any means to get money or access to systems that will allow them to perpetuate other malicious activity, and ransomware offers a quick win in those cases.
The rise of the ransomware phenomenon has been something to behold in the last 3 or 4 years, but the story of ransomware is not a new thing – the first ransomware virus hit machines back in 1989.
The AIDS Trojan
The AIDS Trojan, (A.K.A. the PC Cyborg virus) was created by biologist Joseph L. Popp who sent 20,000 infected floppy disks to attendees of the “AIDS Among Drug Abusers in Europe” Symposium held in Stockholm, Sweden.
Popp sent the disks in the post after obtaining a list of the attendees to the symposium.
The diskettes were accompanied with an official-looking EULA
How it worked
After installation, the program would count the number of times the computer was booted and once it reached 90 it would hide all the users the directories and encrypt or lock the names of the files on the C drive.
To regain access, the users would have to send $189 to PC Cyborg Corporation at a P.O. box located in Panama.
On investigation of infected machines, it was discovered that effects of the AIDS trojan were fairly easy to reverse as it used simple symmetric cryptography and tools were soon available to decrypt the files.
The first reports of affected machines came from researchers in the UK and quite a large number of victims, having never encountered such an activity on their computers started to panic and in some cases started to preemptively delete valuable data from their systems – one AIDS organisation in Italy reportedly lost 10 years of work to the attack.
Investigators eventually identified Dr. Joseph Popp as the inventor behind the AIDS trojan campaign.
Joseph L. Popp
Born in 1950, Joseph L. Popp Jr. was a Harvard-taught evolutionary biologist and had served as a part-time consultant for the WHO in Kenya as a collaborator of the Flying Doctors – A branch of the AMREF (African Medical Research Foundation)
At the time of the attack Popp had had recently been rejected for a permanent job at the WHO – something many believe was the motivation behind his attack.
Less than two weeks after unleashing his virus, Popp became unnerved while traveling back to the U.S. from a WHO seminar on AIDS in Nairobi, where news of the AIDS Trojan had been a hot topic.
He caught the attention of authorities at Amsterdam’s Schiphol airport after scribbling, “DR. POPP HAS BEEN POISONED” on the suitcase of a fellow passenger.
A baggage search at the airport led to the discovery of a seal labeled “PC Cyborg Corp.” in Popps luggage.
Popp was arrested by the FBI at his parents’ home in Willowick, Ohio and then extradited to Britain. At this point in cyber-history, there was no direct legislation under which Popp could be prosecuted for his actions, so he was charged under the 1968 Theft Act with ten counts of blackmail and criminal damage.
After arriving in London, Dr. Popp continued to exhibit increasingly strange behavior while he awaited trial. According to numerous accounts in the British press, this included wearing condoms on his nose, a cardboard box on his head, and putting curlers in his beard to ward off the threat of radiation.
In November 1991, Judge Geoffrey Rivlin determined that Popp was unfit to stand trial and was returned to the US.
Back in the United States, Dr. Popp resumed a varied career including the the opening of the Joseph L. Popp Jr. Butterfly Conservatory in Emmens, NewYork state and the self-published book “Popular Evolution: Life-Lessons from Anthropology”
Popp died in 2006 and is buried in Lake View cemetery in Cleveland, Ohio. At the time of his death he was writing a book of memoirs about his work in Africa, including the 15 year research he undertook into hamadryas baboons in East Africa.