The history and how to stay clear of ransomware

Published by Gregor Frimodt-Møller on

It’s not the first time or the last time we write about ransomware. So, we decided it was time for a history lesson, where we would take a quick dive into ransomware, what it was, and what it has become.


Ransomware goes way back, and some would say it started in the early 2000’s, while others will tell you that you’ll have to fast-rewind to the late 1980’s. One documented ransomware attack in 1989 was called the AIDS Trojan, and it was a type of PC Cyborg virus and get this, it was distributed via a floppy dick – oh, how we miss those days. The disks were mailed to attendees of World Health Organization’s AIDS conference and when loaded, it encrypted the files on the computer. Here the message ransom message appeared on users’ screens – saying if they would like the files released, and they should mail $189 to a P.O. box in Panama. There you have it, this may be the first ransomware attack ever. It’s not really clear if this was a fruitful business, after all the criminal had to mail all these disk to the attendees, but today’s methods have changed, and we are looking at an industry, which is pushing trillions of dollars.


After this first attack, it seems there was a period of non-existent ransomware attacks, but then came the mid 2000’s, and it all went down the rabbit hole yet again. The first variants of, let me call them modern ransomware began emerging, amongst others GPCode and Archievus – these types of ransomware were focusing on high distribution, but low ransom fees, which is different from what we see today. However, there are also similarities from what we see today, most ransomware finds its way onto users’ system via phishing and malicious website links. 

Screen locking started becoming a well feared ransomware tactic in various industries and personal computers in the late 2000’s. Let’s take another jump into the 2010’s, where things are really starting to evolve, and we are looking at CryptoLocker which is also a big hit – and is said to have had a revenue of $30 million over 100 days. JavaScript ransomware is also feared, making users uninstall software and even ransomware-as-a-service sees the light of day. Ransomware is turning into a real industry, and it all seems to culminate in 2017 where the entire world is talking about WannaCry, Petya and Not-Petya – numerus industries are hit, 200.000 computers across 150 countries meaning that hospitals had to cancel surgeries, railway information was affected, students unable to access their computers and the list kept going. After the 2017 attacks, the word ‘ransomware’ really became something everyone was familiar with. Luckily this also meant that we understood that we needed some sort of protection the criminals couldn’t get to – remote backup.  It seems that we are never truly clear of ransomware, and this tactic was also used during the COVID19 lockdown.

Ransomware in the future

So, what happens from here? Honestly, we can’t know, but it seems that ransomware is here to stay. Recently ransomware has also found its way into Microsoft Teams, where criminals are exploiting the platforms popularity by promoting fake updates, and yes, you’ve got it contains ransomware and not an actual update. Wondering what you need to do now to stay clear of ransomware? Join us 23 November 10.00 -11.00 CET, where we will host one of the most intriguing events of the year together, with no other than IBM and Veeam Software: “Protect your SaaS applications against cyber threats”.

Request a demo