The world's first Ransomware was spread by floppy disk in 1989

ByDave Matos

Sneak into the user's computer, suddenly restrict access to data stored on the computer when the incubation period expires and demand money "If you want you to cancel it, pay the ransom"RansomwareIn many cases it seems to be a type of malware that symbolizes the Internet era, but in reality its origin was in 1989, when floppy disks were still used in active use far before Windows 95 appeared That's right.

The World's First Ransomware Came on a Floppy Disk in 1989 - Motherboard
https://motherboard.vice.com/en_us/article/the-worlds-first-ransomware-came-on-a-floppy-disk-in-1989

In December 1989 I was working for an insurance company in BelgiumEddie WillemsHas inserted the floppy disk that was sent to me to the PC I was using at work and read the data. At the end of the floppy, a program to determine the risk of infection with AIDS / HIV is included, and Willemus says that he installed the program and answered the displayed question.

After that, Mr. Willems was spending no particular time worrying about that, but after a few days, the computer that I was suddenly using was locked. And on the screen you will see a message saying "Please transfer $ 189 to the PO Box in Panama (about 27,000 yen at that rate)" and that your invoice has been printed from the printer carefully Thing. It seems that Mr. Willemus thought that "I should pay it, damn it."

Willemus who actually has 5 inch floppy disk and paper in hand. After the incident, Mr. Willems has been active as a computer security expert.


Actually, at this time, as with Willems, about 20,000 people received this floppy disk in the whole world. This will be widely known later "AIDS Floppy case"The 39-year-old culprit Joseph Pop who planned this case will be arrested.

Compared with the modern one, the malware of this time was relatively simple in structure, and it was impossible to deal with it by oneself if time to come. In fact, although the file became unusable, actually the file name and extension were only rewritten, and the encryption table which replaced the character string seems to be the one which comes to the pin as soon as the expert sees . Published in 1990(PDF)January 1990 issue of Virus Bulletin"The concept itself is very skillful and vicious, but the actual programming is really poor" is stated.

In the United Kingdom I received this floppy disk was a person who had subscribed to the computer magazine "PC Business World". Many people were targeted cases, but Dr. Pop was arrested for a long time as the mechanism itself was simple and the remittance destination was clearly stated as mentioned above as well. Because the name of the account designated by Dr. Pop was "PC Cyborg" company, this case is also called "PC Cyborg incident".

Originally it was Ransomuware which did not show spreading so much because it got a leg from the account, but since the expansion of the Internet thereafter, since the 2000s it has been in the ranges of 'Gpcode', 'Krotten', 'Cryzip' etc. Ransomware He shook the rage. Also, in recent years there is also popularization of the online currency "bit coin", and the number of fellows who work wrong while maintaining anonymity is increasing.

The case where Bitcoin is used for malware money demand is increasing - GIGAZINE


As it were, it was an AIDS floppy incident that could be said to be the origin of Ransomware, but the actual disks used at this time are still valuable as historical evidence. Mr. Willemus later confirmed his career as an expert in computer security, he said he said "Thank you" when asked if Dr. Pop, the perpetrator, wants to say something.