But, instead of your loved ones being taken hostage, or your business being threatened, it might be your files, your data or your entire network. Typically, a user will download a dodgy email attachment or accidentally install a malicious piece of software masquerading as something legitimate. Then, immediately or otherwise, the ransomware will create a pop-up saying that your files have been encrypted and you need to pay to get them back. We’re going to take a look at one of the most notorious ransomware attacks from recent years, WannaCry. Plus, we investigate the very first ransomware, which even predates the internet.
WannaCry Ransomware
The WannaCry attacks first hit on May 12 2017. Over the next three days, it managed to infect some 300,000 computers, including machines that belonged to the British National Health Service and FedEx. The WannaCry infection targeted Windows PCs with out-of-date operating systems because it could use known flaws in the system to access the machines. Once a machine was infected, a pop-up claimed that all the files had been encrypted and the user was required to pay $300 in Bitcoin within three days, or $700 within seven days to retrieve their files — fairly standard procedure for ransomware. However, WannaCry also had the ability to replicate itself and spread from machine-to-machine on the same network. This made WannaCry far more potent than traditional ransomware, which is often transported by malicious files sent over email. While it created widespread panic at the time, researchers found that only 327 payments, totalling $130,634, had been made to the Bitcoin wallets listed on the pop-up.
PC Cyborg Trojan
Often considered to be the first instance of ransomware, the PC Cyborg Trojan, sometimes known as AIDS, has a colorful history. It was created by the British evolutionary biologist and HIV/AIDs researcher Dr Joseph Popp in 1989 and was mailed on a floppy disk to the attendees of a 1989 World Health Organization conference on the AIDs epidemic. AIDS masqueraded as a piece of learning software about the AIDS virus. But, once installed by the victims onto their machines, AIDS would wait until the computer had been turned off and on 90 times before ‘encrypting’ everything on the C: drive. This effectively rendered the computer useless. At this point, a window would appear claiming that the PC’s licence had expired. The user was told to contact the PC Cyborg Corporation and pay $189 to a PO box in Panama to renew the licence. After a lengthy investigation, the British police traced AIDS to Popp, and he was charged with eleven counts of blackmail. However, Popp’s lawyers claimed that he was planning to use the money sent to the PO box for research into HIV/AIDs. Before his trial, Popp’s lawyers claimed that he was unfit to face the charges pointing to some recent bizarre behavior from the doctor: While waiting for a flight at Amsterdam airport, he scribbled on another passenger’s bag “DR. POPP HAS BEEN POISONED”. He began wearing condoms on his nose, a cardboard box on his head and putting hair curlers in his beard to ward off ‘radiation.’ He didn’t convince everyone, however. A lengthy report in Virus Bulletin detailed the logistical effort involved in sourcing, copying, packaging and posting the 20,000 floppy disks used in the attack. The Guardian found that Popp had been rejected for a job at the WHO prior to the attack. He was never prosecuted, and eventually abandoned the world of hacking for a more offline career. He went on to study hamadryas baboons in East Africa and founded a butterfly conservatory in New York with his daughter.
How to Protect Yourself From Ransomware
Is there anything you can do to keep yourself safe from ransomware like WannaCry? Fortunately, the answer is yes: To learn more about scam emails to avoid, see our guide to The Latest Email Scams
