[imagesource: Eddy Willems]

Floppy discs, remember those?

Perhaps the Millennial generation is the last to have seen one, lying around a parent’s office or somewhere that held one of those grey, boxy desktop computers.

They were seemingly innocuous, and used widely for data storage and computer-to-computer file sharing.

But this made them an excellent tool to spark the rise of cybercriminals or anyone willing to extort people without needing to physically be present.

A Harvard-taught evolutionary biologist named Joseph Popp was probably thinking exactly this when he sent out 20 000 floppy discs, with ransomware coded into them, in the mail to attendees of the World Health Organization’s AIDS conference in Stockholm in December 1989.

Eddy Willems (in the image above), who was working for an insurance company in Belgium at the time, was asked to check what was on the floppy disc sent to his boss.

After popping it into his computer, he became one of the first victims of ransomware.

Willems was expecting to see medical research but instead, his computer locked and a message appeared demanding that he send $189 in an envelope to a PO Box in Panama.

But Willems was one of the smarter victims, reports CNN:

“I didn’t pay the ransom or lose any data because I figured out how to reverse the situation.”

A month later, reports came out about the ransomware and Virus Bulletin, a security magazine for professionals at the time, reported on it, saying that the malware was pretty basic at least:

 “While the conception is ingenious and extremely devious, the actual programming is quite untidy,” the analysis said.

Here’s a close up of the floppy disc in question:

Willems keeps the disc on his wall as a piece of security history:

“A museum offered me $1 000 for it, but I’ve decided to keep it,” he said.

Willems is now a cybersecurity expert at G Data, a company that developed the world’s first commercial antivirus solution in 1987:

“I started to get calls from medical institutions and organizations asking how I got around it.

The incident created a lot of damage back in those days. People lost a lot of work. It was not a marginal thing — it was a big thing, even then.”

It was the first time digital extortion occurred, so there were likely a few victims out of the 20 000 people who received the disc, although how many is not clear.

Because the discs were sent to addresses via the post, law enforcement was able to trace the efforts back to Popp, who they arrested and charged with multiple counts of blackmail.

Now, he has been made famous as the inventor of ransomware.

But why did he do it?

Well, Popp was working on AIDS research at the time and some reports suggest that he had been rejected by WHO for a job opportunity.

But no one really knows why he did it, even to this day, says Willems:

“He was very influenced by something. Perhaps someone else was involved — as a biologist, how did he have money to pay for all of those discs? Was he angry about the research? Nobody knows.”

It might have been an easy and quick way to get money, or revenge, whichever way he saw it.

Popp was sent back to the US to be imprisoned and allegedly told authorities that he had planned to donate the ransom money to AIDS research.

But his attorney argued that he wasn’t so sound of mind:

He reportedly wore condoms on his nose and curlers in his beard to prove he was unwell, according to journalist Alina Simone.

It was definitely harder to get away with cybercrime back then because sending things in the post leaves a paper trail and the code could only have been infantile.

These days, though, ransomware is way more advanced, untraceable ( largely because of cryptocurrency), and able to cripple massive systems.

Take the attack on the US Colonial Pipeline, for example, that ignited a gas shortage in parts of the US last week.

In those days, Popp probably didn’t realise that he had paved the way for today’s criminal masterminds who would have better technology and organisation.

[source:cnn]