In December 1989, a cyberattack launched by biologist-evolutionist Joseph Popp, who held a doctorate from Harvard, made history by being the first mass cyberattack aimed at obtaining a ransom. Popp sent 20,000 disks to the World AIDS Health Organization conference in Stockholm, reaching 90 countries around the world.
The attack, known as the Aids Trojan or AIDS Info Drive, took control of the Autoexe.bat file upon installation and began counting the number of computer reboots. Once the 90th reboot occurred, the system would be blocked, prompting the user to purchase a license to continue using the device.
Scotland Yard was involved in investigating this large-scale attack, marking a turning point in the history of cybersecurity. This incident with infected floppy disks paved the way for new types of digital threats that hackers continuously enhance to this day.
According to Kevin Carran, a professor of cybersecurity at the university and a senior member of IEEE, cybercriminal tactics have evolved significantly over the years, although their main goals of acquiring money and compromising systems have remained constant.
Modern cyber threats are more aggressive than previous versions. While victims used to suffer mainly from downtime and data inaccessibility, hackers now engage in double or even triple extortion, threatening not only with system blockage but also with the public release of sensitive information.
In 2021, the attack on the Colonial Pipeline in the United States illustrated the serious impact cyberattacks on critical infrastructure can have. This incident disrupted a system that supplies 50% of the fuel in North America, leading to a temporary fuel crisis in multiple states.
Cybercrime has evolved into a full-fledged industry, with hacker groups establishing business-like structures that include partner networks, resellers, suppliers, and even call centers to interact with attack victims. These call centers provide guidance on ransom payment and data recovery.
The Malicious Service Model has emerged, where hackers offer ready-made ransomware subscriptions, along with training on how to use them, to other cybercriminals. As a result, the pool of potential cybercriminals has expanded, making sophisticated tools accessible even to novices.
By 2024, the average ransom demand had risen to $2 million, significantly higher than previous years. Cybersecurity Ventures predicts that by 2031, the annual cost of ransomware attacks could skyrocket to a staggering $265 billion.