The History of Ransomware

By John King, CISSP, PMP, CISM • Updated: 01/03/23

The history of ransomware can be traced back to the late 1980s and early 1990s, when it was first used as a tool for extortion. At that time, ransomware attacks were relatively simple and involved the use of Trojan horses or other malware to infect a computer system, encrypt its files, and demand payment in exchange for the decryption key.


The first known instance of ransomware occurred in 1989, when the AIDS Trojan was released. This malware infected computers running the Microsoft DOS operating system and encrypted the user’s files until a ransom was paid. The malware was disguised as a legitimate application that claimed to cure AIDS, but upon execution, it infected the system and demanded a fee of $189 to decrypt the files.

Over the next decade, ransomware attacks became more sophisticated and widespread. In 2004, the Trojan Cryptolocker was released, which targeted Windows systems and encrypted users’ personal files, including documents, photos, and music. The attackers demanded a ransom payment in exchange for the decryption key, threatening to delete the files if the payment was not received within a specific time frame.


In the years that followed, ransomware attacks continued to evolve, becoming more targeted and sophisticated. In 2013, the CryptoLocker ransomware variant was released, which used advanced encryption methods and was capable of spreading via email attachments and infected websites. This variant was particularly successful, causing significant damage to businesses and individuals around the world.


In 2016, the ransomware attack known as WannaCry made headlines after infecting over 200,000 computers in 150 countries, including the UK National Health Service. The attack used a vulnerability in the Microsoft Windows operating system to spread rapidly, encrypting users’ files and demanding a ransom payment in bitcoin.


Since then, ransomware attacks have become even more widespread and sophisticated, with new variants constantly being released. In 2017, the Petya ransomware attack affected computers in over 65 countries, causing significant damage to businesses and government agencies.


In recent years, ransomware attacks have become a significant threat to businesses and individuals around the world, with many falling victim to these attacks. These attacks often use social engineering techniques to trick users into clicking on malicious links or downloading infected files. Once the ransomware is installed, it can be difficult to remove without paying the ransom.


To protect against ransomware attacks, it is crucial to keep all software and operating systems up to date with the latest security patches, use antivirus software, and be cautious when opening emails or clicking on links from unknown sources. It is also a good idea to regularly back up important files to prevent loss in an attack.


In conclusion, the history of ransomware is a long and ongoing one, with attacks becoming more sophisticated and widespread over time. It is a major threat to businesses and individuals worldwide, and it is essential to take steps to protect against these attacks to prevent loss and damage.

John King, CISSP, PMP, CISM

John King currently works in the greater Los Angeles area as an ISSO (Information Systems Security Officer). John has a passion for learning and developing his cyber security skills through education, hands-on work, and studying for IT certifications.