The first-ever ransomware dropped 35 years ago disguised as a floppy sharing 'AIDS Information'
20,000 PC Business World magazine subscribers received this 5.25-inch floppy in the mail.
Thirty-five years ago, as December 1989 turned into January 1990, the then-largest ever cybercrime investigation was launched in response to the world's first known example of ransomware. This first ransomware payload was secreted on a 5.25-inch floppy disk titled "AIDS Information — Introductory Diskette 2.0" [h/t Heise.de]. The pioneering ransomware was developed by one American biologist, Dr. Joseph Lewis Andrew Popp Jr., and about 20,000 copies were distributed to subscribers of the magazine PC Business World, various mailing lists, and even to World Health Organization delegates during a conference on AIDS.
As one may be able to deduce by the years and names being thrown around, this attack's choice of target was highly intelligent and the method of delivery exploited people's existing fears of a terrifying new biological virus at a time when knowledge of regular computer viruses was at an all-time low — much less an all-new form of malware meant to extort its victims.
Compared to modern-day attacks, Dr. Popp's rendition of ransomware is a little bit sloppy. Only file names, not the files themselves, were encrypted by this ransomware. Thanks to this, effective software countermeasures ("AIDSOUT" to remove it and "AIDSCLEAR" to check for hidden directories, combined into "CLEARAID") were developed by John Sutcliffe and Jim Bates to rescue impacted parties. Unfortunately, several parties still experienced severe financial damages and data loss thanks to the "AIDS Information" ransomware, including an Italian health organization that lost a whopping 10 years of research to the attack.
Interestingly, ransomware pioneer Dr. Popp Jr. wasn't just the most effective cybercriminal in history at this point in time... he also seemed to be at least a little bit crazy. Following several arrests and extraditions, a London psychiatrist concluded that the then-41-year-old doctor was "mentally unfit to stand trial". Prior to the trial, he had been witnessed wearing condoms on his nose, carrying a cardboard box, and exhibiting other extremely odd behaviors that diverted him from prison to London's Maudsley Hospital.
Now, here in the far future from these events, a grain of salt is required. After all, this was a very complex and targeted attack to be executed by someone who supposedly didn't have their mental faculties in check. The cost of distributing the attack alone was estimated at around £10,000, or about £31,794.86 (roughly $38,600 USD) today. There was also the cost of registering "PC Cyborg" and its accompanying accounts in Panama, as well as renting housing in London. However, the ransom demands meant that even just 1% of victims paying the fee would grant a handsome return.
Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.
Alvar "Miles" Udell
Encrypted file names are a bit more damaging if every file were renamed to KdArDj~1.doc in the age of command prompt.
acadia11
Maybe I missed what was the fee? And I’m sure this attack and bit of social engineering would still work!
Alvar "Miles" Udell
acadia11 said: Maybe I missed what was the fee? And I’m sure this attack and bit of social engineering would still work!
https://ransomware.org/blog/the-first-ransomware-attack-lessons-learned-from-history/
$189.
sinteger
This was an experiment in the fallacy of man. The material that was sent to each recipient told you almost explicitly what was about to happen:
"First, read and assent to the limited warranty and to the license agreement on the reverse."
The "limited warranty and license agreement on the reverse" then tells you that you do not own the software, it is licensed, at a cost of (a) $189 for 365 user applications (some said this was a year but that isn't the case) or (b) $378 for the "lifetime of your harddrive, or 60 years, whichever is lesser."
"If you install these programs on a microcomputer (by the Install program or by the share program option or by any other means), then under the terms of this license you thereby agree to pay PC Cyborg Corporation in full for the cost of leasing these programs. In the case of your breach of this license agreement, PC Cyborg Corporation reserves the right to take any legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use of the programs. These program mechanisms will adversely affect other program applications on microcomputers. You are hereby advised of the most serious consequences of your failure to abide by the terms of the license agreement: your conscience may haunt you for the rest of your life; you will owe compensation and possible damages to PC Cyborg Corporation; and your microcomputer will stop functioning normally. Warning: Do not use these programs with others, unless the programs are accompanied by all program documentation including this license agreement, you fully inform the recipient of the terms of this agreement, and the recipient assents to the terms of the agreement, including the mandatory payments to PC Cyborg Corporation."
acadia11
And that, my friend, was the beginning of the Apple EULA, the Facebook EULA, Windows EULA … oh I see the pattern …
sinteger said: This was an experiment in the fallacy of man. The material that was sent to each recipient told you almost explicitly what was about to happen:
"First, read and assent to the limited warranty and to the license agreement on the reverse."
The "limited warranty and license agreement on the reverse" then tells you that you do not own the software, it is licensed, at a cost of (a) $189 for 365 user applications (some said this was a year but that isn't the case) or (b) $378 for the "lifetime of your harddrive, or 60 years, whichever is lesser."
"If you install these programs on a microcomputer (by the Install program or by the share program option or by any other means), then under the terms of this license you thereby agree to pay PC Cyborg Corporation in full for the cost of leasing these programs. In the case of your breach of this license agreement, PC Cyborg Corporation reserves the right to take any legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use of the programs. These program mechanisms will adversely affect other program applications on microcomputers. You are hereby advised of the most serious consequences of your failure to abide by the terms of the license agreement: your conscience may haunt you for the rest of your life; you will owe compensation and possible damages to PC Cyborg Corporation; and your microcomputer will stop functioning normally. Warning: Do not use these programs with others, unless the programs are accompanied by all program documentation including this license agreement, you fully inform the recipient of the terms of this agreement, and the recipient assents to the terms of the agreement, including the mandatory payments to PC Cyborg Corporation."
derekullo
So ransomware is just software without a EULA.
Never thought of it that way lol
"His obviously did as a half joke but modern ransomware ones ... don't!"