A Biologist and the First Ransomware Virus
Ransomware attacks have seen a huge increase in the last 15 years. The estimated $1 billion a year criminal industry that forces victims to pay a ransom in order to recover encrypted files is booming, but how did it all start? Well, that’s kind of a weird story.
The first known ransomware appeared in December of 1989, when an evolutionary biologist named Joseph L. Popp sent around 20,000 floppy discs containing the virus to individuals and medical institutions.
The floppy disc was labeled “AIDS Information Introductory Diskette” and contained a questionnaire relating to the AIDS epidemic that was going on at the time.
When the disc was inserted into a computer and the questionnaire was opened, another file on the disc would infect a critical Windows file called “AUTOEXEC.BAT,” which runs every time the computer is turned on.
Once the virus had infected the computer, it would start counting how many times the computer was turned on. Once the computer had been turned on a total of 90 times, the virus activated.
The virus would encrypt all the files in the primary C: drive of the computer and change the file extension to make them unusable.
The victim would then be presented with a scary-looking message stating that a lease for software had expired and that they must pay for the computer to be unlocked. The victim could pay $189 for another “lease” of the software that would allow their computer to remain unlocked for a year, or $378 for a lifetime “lease.”
The note would demand that the payment be sent in the form of a banker’s draft, cashier’s check or international money order to a PO box in Panama, made out to a company called PC CYBORG CORPORATION.
One organization in Italy reportedly lost close to 10 years of work to the virus after it had locked the system.
The encryption the virus used was extremely weak, and a researcher by the name of Jim Bates was quickly able to release a tool that would reverse the damage of the virus.
Where the story gets weird is when we start talking about the creator of the virus, Joseph Popp. Popp was a Harvard-educated man who studied evolution, but at that time he was most recently focused on AIDS research.
Popp was heavily invested in the international AIDS epidemic and would frequent WHO seminars discussing the issue. Popp was also critical of WHO for their lackluster response, and he had possibly been denied a job at the organization.
It is suspected that Dr. Popp had obtained the mailing addresses of the 20,000 organizations and individuals, and that was how he chose who to send the virus to.
Two weeks after the virus started showing the message, Popp was arrested in an Amsterdam airport after having a breakdown and writing “DR POPP HAS BEEN POISONED” on another passenger’s suitcase.
While he was in custody, Netherlands police found items with “PC Cyborg Corp” written on them in Popp’s bag.
He was later released and arrived back in the US, where he was arrested by the FBI at his parents’ home in Ohio.
When arrested, Joseph claimed that he was going to donate the money he received to AIDS research, but that was never confirmed.
He was then extradited to Britain on charges of blackmail. While awaiting trial, Popp’s behavior continued to get stranger. Reportedly, Popp would wear condoms on his nose and a cardboard box on his head. He would also sport curlers in his beard, reportedly to protect himself from radiation and micro-organisms.
Popp was eventually deemed mentally unfit to stand trial and was sent back to the US a free man.
In the rest of his career, Popp released a “self-help” book in which he argued for fewer working women, less income, less education and lowering the age of marriage in order to increase teenage pregnancy rates.
Popp ended up creating a butterfly sanctuary in Oneonta, New York. The Joseph L. Popp Jr. Butterfly Conservatory houses 150 different animals, ranging from butterflies to reptiles and birds.
Popp would eventually die in 2007, leaving his mark on the world as an extremely unique individual whose creativity sparked one of the most destructive forms of malware on the planet.