A history of ransomware: The motives and methods behind these evolving attacks

One day in December 1989, Eddy Willems got a floppy disk that changed his life. His boss gave it to him after finding the label intriguing: “AIDS Version 2.0,” a reference to a disease that was new and strange at that time. The company, based in Antwerp, Belgium, sold medical insurance among other things, and some AIDS statistics might prove lucrative, the boss thought. So, he asked the 27-year-old Willems to test the software.

A jack-of-all-tech-trades, Willems put the 5.25-inch black plastic diskette into his PC. He ran the program, filling out a whole survey meant to tell if someone could be infected with AIDS or not. “And that was it,” Willems says. “I thought: okay, nothing really special here. I’m probably going to throw it away.” Soon, he switched off the computer and went home.

When he turned on his computer the next day, Willems noticed it had fewer folders, but he didn’t put a lot of thought into it. On the third day, however, when he booted up his computer, something strange happened. “There was a message on the screen asking me to pay,” Willems says. “It was asking me to mail $189 to a PO Box in Panama, or I couldn’t use my computer anymore. I thought, ‘What is this?’”

Willems switched off the computer and used a bootable floppy to restart it. He saw that his directories were still there, but they were hidden, and the names of the files were changed to strings of random characters. Luckily, the contents of his files were unaltered; only their names looked weird.

“I thought: This was encryption,” he says. “But it was completely ridiculous. The program wasn’t created by a real IT guy.” An analysis of the malware published a month later in the Virus Bulletin January 1990 edition said pretty much the same thing: “While the conception is ingenious and extremely devious, the actual programming is quite untidy.”