Also called: cryptoviral extortion
Origins and development
The first documented ransomware, known as “AIDS Trojan,” was introduced in 1989. American biologist Joseph Popp, who later claimed that he had created the virus to raise money for AIDS research, distributed 20,000 infected floppy disks to attendees of the World Health Organization (WHO) AIDS conference. Once Popp’s victims had loaded the disks’ contents onto their hard drives, the AIDS Trojan virus waited until the users had rebooted their computers 90 times, upon which the names of users’ files were encrypted. Later a fraudulent request for the users to pay up to $378 “for your software lease” appeared, the payment to be mailed to “PC Cyborg Corporation” at a post office box in Panama. The experts who analyzed the operation noted that Popp’s plan had three flaws: a slow, expensive distribution method, a serious design failure (decryption was relatively easy), and physically traceable ransom payments.
For the next decade, this new form of blackmail was studied more often than it was executed. In 1992 South African software engineer Sebastiaan von Solms and Israeli cryptographer David Naccache published a paper titled “On Blind Signatures and Perfect Crimes,” wherein they suggested that blind digital signatures (such as those now used in cryptocurrency transactions) might lead to a perfect ransomware crime. About 1995 Columbia University researchers Adam L. Young and Moti Yung foresaw the business model for modern ransomware, which they presented in a 1996 article explaining not only how the AIDS Trojan virus failed but also how well it might have worked if it had extorted electronic money.
Ransomware made its return in the mid-2000s. The first notable cryptovirus was GPCode, which began spreading throughout Russia in 2004 as a malicious Word document file that victims believed to be a job application. Those who downloaded the virus, which made victims’ files unopenable, were told to send payments to one of two digital currency services in order to regain access to their files. The Archiveus Trojan virus that followed in 2006 was the first ransomware strain to use an RSA encryption algorithm, which encoded every document in the victims’ Windows “My Documents” folder and demanded that victims purchase items from an online pharmacy in exchange for the 30-digit password. The impact of the Archiveus Trojan virus was lessened when the unlocking password was discovered and published by cybersecurity researchers.
Modern developments
In the early to mid-2010s the number of ransomware viruses in circulation began to skyrocket. In the third quarter of 2011 there were approximately 60,000 viruses in circulation, and in the third quarter of 2012 there were more than 200,000. By the first quarter of 2015 there were nearly 725,000 ransomware viruses in circulation. Moreover, these newer ransomware viruses continued to improve on the old ones. The 2013 virus CryptoLocker, for example, took advantage of a botnet (a set of networked devices) to distribute its payload (see also information system: Information systems security and control). The virus also used 2048-bit RSA encryption (which, theoretically, can be broken only by a quantum computer) to lock victims’ files. CryptoLocker demanded payment in Bitcoin, which is much more difficult to track than traditional (fiat) currencies. The resulting profits were high: when the FBI took down the botnet distributing CryptoLocker in 2014, it was discovered that the criminals had made about $3 million in nine months.
One of the most significant developments in ransomware was the introduction of ransomware as a service (RaaS) in the early 2010s, wherein ransomware is sold to people who want to perpetrate an attack but lack the skills to create viruses themselves. RaaS providers can be quite sophisticated, including documentation, updates, and 24/7 technical support for the buyer, all of which may be paid for through a one-time purchase, a monthly fee, or a profit-sharing scheme. RaaS has effectively raised the ceiling on the number of ransomware attacks that can be committed, since the number of people capable of such attacks was previously quite low.
Since 2017 the scale of ransomware schemes has also increased. Large corporations are often targeted by criminal groups for ransomware attacks in hopes of extorting larger payments than most individuals could afford. For example, in June 2021 a criminal group calling itself Pinchy Spider infected the computers of the meatpacking corporation JBS and was paid $11 million in Bitcoin for its efforts. Another group, Carbon Spider, struck Colonial Pipeline in July of that same year, extorting at least $5 million. The economic impact of these plots and others has been so substantial that ransomware has become an important subject of discussion at intergovernmental summits, such as the International Counter Ransomware Initiative Summits hosted by the United States in 2021 and 2022.
Adam Volle