Used to describe any type of malware that encrypts files until a ransom is paid, the term "ransomware" has entered the popular lexicon, with the number of attacks increasing each year.

It is now common to read reports of major companies being targeted by cybercriminals, but ransomware as we know it today can be traced back to the 1989 AIDS Trojan Horse. In fact, the AIDS Trojan Horse, also known as Aids Info Disk or PC Cyborg Trojan, is considered to be the first documented ransomware in history.

So what was it? What actually happened? And what impact did it have?

Who Created the AIDS Trojan Horse?

AIDS was created by a Harvard-taught evolutionary biologist named Joseph Popp, and deployed in December 1989, according to SDxCentral.

The internet was in its infancy back then, but the ransomware managed to reach around 20,000 people and medical institutions.

Using stolen mail subscriber lists from the World Health Organization AIDS conference and PC Business World magazine, Popp deployed the ransomware via floppy disks.

Imprinted with a logo for the fictitious PC Cyborg Corporation, the disk was labeled as "AIDS Information Introductory Diskette" and said to contain surveys meant to determine a person's risk of contracting AIDS.

What Did the AIDS Trojan Horse Do?

The floppy disks also contained a Trojan horse written in QuickBASIC 3.0. The malware was subtle, as it did not immediately encrypt the victim's files. Rather, it hijacked AUTOEXEC.BAT.

AUTOEXEC.BAT, short for "automatically executed batch file", is a system file that was originally on DOS-type operating systems, and read upon startup by all versions of DOS.

Vintage personal computer on green background

In other words, the infected operating systems executed the file with each boot. The malware activated around the 90th boot, encrypting the names of all files on the C: drive and displaying a ransom note.

"It is time to pay for your software lease from PC Cyborg Corporation. Complete the INVOICE and attach payment for the lease option of your choice," the ransom note read, instructing the victim to mail at least $189 (equivalent to $400 in 2021) to a PO box in Panama.

What Impact Did the AIDS Ransomware Have?

Popp did not exactly get rich from deploying the world's first ransomware, since the vast majority of his targets saw no point in mailing their money to a Panama PO box.

However, many victims—most of whom worked in the medical field—panicked and wiped their hard drives, losing invaluable research data.

The AIDS Trojan Horse wasn't nearly as sophisticated as the ransomware variants that came after it, so Virus Bulletin's editorial advisor Jim Bates released in January 1990 AIDSOUT and CLEARAID, two programs that easily removed the malware and decrypted infected files.

RELATED: The Top Ransomware Removal and Decryption Tools

Popp was outed as the author of the malware in January 1990, when Dutch authorities arrested him at an Amsterdam airport, where he reportedly suffered a nervous breakdown.

Ultimately, as The Atlantic reported, Popp was deemed unfit to stand trial. He was deported to the United States, where he stayed until his death in 2007.

It remains unclear why Popp deployed the malware in the first place. In court, he claimed to have wanted to donate the ransom payments to AIDS research, but some reports allege he released the Trojan to get back at the World Health Organization for being rejected for a job.

Popp's attempt to blackmail his victims may not have been very successful, but the AIDS Trojan Horse was in many ways a turning point for cybercriminals and security experts alike.

Ransomware Protection

Research shows that the US suffered 538 percent more cyberattacks in 2020 than in 2005, with ransomware being one of the most prevalent threats.

We've come a long way since floppy disks. Most ransomware nowadays is delivered through phishing email campaigns, fake browser updates, and similar.

When it comes to ransomware, or any other type of malware for that matter, prevention is better than cure. Never click on suspicious links, never download email attachments without double checking them first, and invest in good anti-malware software.