The First Ransomware: Sex, a Doctor, and the UN

What do you get when you combine a sex-fixated Harvard doctor and a meeting of a World Health Organization in 1989? The world's first ransomware strain.

Since 2012, the number of ransomware scams has skyrocketed internationally, posing a threat to businesses of all shapes and sizes. But how exactly did this threat come to be?

The first strain of ransomware was built by a person you’d least expect – Dr Joseph L. Popp, a Harvard-educated evolutionary biologist. And his creation was delivered in a way that would make even some hardened cyber-criminals blush.

What better place to spread a virus than to 20,000 attendees of the World Health Organization’s AIDS conference, masquerading as informational software? This is where Dr Popp distributed his infected floppy disks to unsuspecting victims.

Below is the message the floppy disk recipients received if they inserted the disk:

Sounds like what a fifteen-year-old would write, rather than an evolutionary biologist.

The AIDS Trojan

The first ransomware was dubbed the ‘AIDS trojan’. It would count the number of times the computer was booted, and once this number hit 90, it would hide the directories and encrypt or lock the names of the files on C drive.

Just like its successors, the AIDS trojan demanded a ransom to solve the issue. Namely, sending $189 to PC Cyborg Corporation at a PO box in Panama.

Extortion was not a new crime, but it was in digital form. There weren’t even laws to deal with it. People panicked. And realizing their hard-drives had been compromised, some scientists preemptively deleted valuable data.

According to The Independent, one AIDS organization in Italy lost 10 years of work.

The fear was stronger than the virus. In actual fact, the Trojan could be easily thwarted, as it used simple symmetric cryptography. Those that didn’t panic soon had access to decryption tools (in the form of an “AIDSOUT” disk). Meanwhile, Popp was found out by the British anti-virus industry.

Where the Story Gets Interesting

After being named on a New Scotland Yard arrest warrant, Popp was detained in Brixton Prison.

Charged with eleven counts of blackmail and a clear link to the trojan, Popp tried to defend himself by saying the money would go to Aids research.

Strangely enough, Popp was a collaborator of the Flying Doctors, a branch of the African Medical Research Foundation, and a consultant for the WHO in Kenya. In fact, he had organized a conference in the new Global AIDS program that very year.

However, in the days leading up to his arrest, Popp had been acting very strangely indeed.

A Mad Malware Maker?

Nobody exactly knows what made Popp unleash his exploitative code.

Some believe he was genuinely trying to get money for AIDS research. Others believed it was because Popp had recently been rejected for a job at the WHO and that he was a critic of their AIDS education policies.

But the reason that the Judge ultimately accepted was that the doctor was insane.

Less than two weeks after unleashing the virus, Popp was unnerved when travelling back from the U.S. from a WHO seminar on AIDS in Nairobi. His AIDS Trojan was causing waves, and everyone was talking about it.

Authorities in Amsterdam airport suddenly started paying attention to him when he scribbled “DR. POPP HAS BEEN POISONED” on the suitcase of a fellow passenger.

From here, a baggage search lead to the discovery of a seal labelled “PC Cyborg Corp.” The FBI arrested him in his parent’s home in Ohio, then extradited him to Britain.

Stranger Behavior

As he awaited trial, Popp got odder still. According to numerous reports, he began wearing condoms on his nose, a cardboard box on his head, and begun putting curlers in his beard to ward off the threat of radiation.

In November of 1991, the Judge determined he was unfit to stand trial. But not everyone believed Popp was actually insane.

Evidence from a digital diary revealed he had been planning the trojan attack for more than a year and a half, which cast doubt on his lawyer’s claims that it was a manic episode. There was also a massive logistical effort in copying, packaging, and posting 20,000 disks. His plans also involved disseminating an additional two million disks.

Six years after the AIDS trojan was released, two cryptographers patched the holes in Popp’s leaky code by developing a class of algorithms known as public-key cryptography. This basically jump-started ransomware and transformed it into the threat we know today.

What Happened to Dr. Popp? The Oddness Continues

Once back in the United States, Dr. Popp continued his traditional career of evolutionary science. His career had started with studying hamadryas baboons in East Africa for fifteen years, which may have been where he learned to get up to monkey business.

He went on to self-publish a book called “Popular Evolution” on the “new model of self-help” which argued that humanity’s only purpose is “maximizing reproductive success.” He went on to argue for fewer working women, less income, less education, lowering the age of marriage, rural living, and no sexual education to raise the teenage birth rate.

The creator of the first strain of ransomware, everyone.

Popp did, however, go on to create a butterfly sanctuary in upstate New York – The Joseph L. Popp, Jr. Butterfly Conservatory – before his death in 2007.

His strange theories on reproductive success probably went over better with butterfly preservationists.

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin



Start your free 30-day trial today