The Birth of Ransomware

27 August 2025 by
PseudoWire

Ransomware is not new. In fact, the first cyber ransomware attack was released in December of 1989. Dr. Joseph V. Popp mailed out 20,000 floppy disks infected with the AIDS Information Trojan. The program purported to be an expert system to advise you about your risk of contracting HIV and AIDS, but after you'd run it 90 times, it scrambled your hard disk.

Those of us around at the time will remember that back in 1989 everyone switched off their computer at the end of the day, so the 90th reboot generally took place four to five months after first running the program. The user was then presented with a ransom note demanding US$189 for one year's use of the program or $378 for lifetime use. Payment was via a banker's draft to a company in Panama.

Unfortunately for Dr. Popp, the cypher used was trivial to crack and free decryption tools quickly became available. Plus, the idea of sending payment via a banker's draft to Panama was a non-starter. As a result, the enterprise failed to generate any revenue, and instead landed him with a court appearance.

There are three main hurdles that cybercriminals need to overcome to effect a successful ransomware attack:

(1) getting the ransomware onto the victim's devices

(2) encrypting and decrypting the files

(3) receiving the payment.

While Dr. Popp had identified an effective, although not really scalable, approach to get his threat onto the victims' devices (he had to write those 20,000 floppy disks manually), he fell down with the encryption and payment parts of the process.

Exploiting opportunities:

The AIDS Information Trojan attack did have one hallmark of success: it took advantage of a wider environmental opportunity, namely the widespread concern around HIV/AIDS at that time. Since then, cybercriminals have continued to take advantage of developments in both technology and wider society to evolve and finesse their ransomware attacks, including:

The rise of free email services:

These services enabled hackers to create unlimited, untraceable email addresses for the first time, leading to the start of large-scale spam campaigns used to spread ransomware.

The move from dial-up to ADSL connections:

This enabled more people to use the internet, and for longer periods of time, giving the crooks a larger target area for their attacks.

Geo-targeting abilities:

These allowed cybercriminals to focus their attacks on a particular country or region. Geo-targeting increased success rates by enabling attackers to exploit local hot topics in email attacks while also customizing the language for their audience.

Prepaid credit cards:

These gave the crooks an accessible, anonymous way for people to pay ransom demands.

The availability of cryptocurrencies:

Cryptocurrencies, particularly Bitcoin, gave criminals another reliable and accessible way to get payments.

As a result of exploiting these (and other) opportunities, cybercriminals had solved the three main challenges facing ransomware, enabling it to become a viable commercial business.
