In 1989, the concept of data hijacking for money was completely unknown. However, that year everything changed with Joseph L. Popp Jr., an evolutionary biologist with ties to the WHO who sent around 20,000 floppy disks to researchers and healthcare professionals in over 90 countries.
The content appeared to be an informative questionnaire aimed at assessing risk factors related to HIV at a time when the epidemic was causing great global concern.
Then, the file seemed like a useful and legitimate tool, although beneath that appearance, a malicious code was hidden. Once installed, the program remained inactive for a determined time, functioning like a bomb.
After several reboots, the system was locked, and the file names were modified, rendering access to the stored information useless.
The first digital hijack in history
The message that appeared on the screen was clear: to regain access, the user had to pay a “license” of $189 by sending the amount to a postal address in Panama.
This mechanism, rudimentary compared to current standards, already contained the essential elements of modern ransomware: data encryption or blocking and payment demand for its release.
The malware was named AIDS Trojan, and its impact was immediate. Although technically limited, it generated considerable alarm in the scientific community, and some organizations reacted drastically. In fact, an Italian organization focused on AIDS research went so far as to completely eliminate its computer systems, leading to a loss of a decade of accumulated work out of fear of infection.
Authorities quickly got to work and traced the origin of the attack, which concluded with the arrest of Popp, who was accused of extortion. However, his case took an unexpected turn when he was declared mentally incapable of facing trial.
According to various interpretations, his intention was not so much economic as to provoke reflection on the vulnerability of computer systems.
What is ransomware and why is it so destructive
Ransomware is a type of malicious software designed to prevent access to systems or data, usually through encryption techniques. The attackers subsequently demand a payment, usually in cryptocurrencies, in exchange for the key that allows the information to be recovered.
Over time, this model has evolved into more aggressive strategies. One of the most widespread is double extortion, where cybercriminals not only block files but also extract confidential information and threaten to make it public or sell it.
The economic impact is significant. Recent estimates place the attackers’ earnings at around $1 billion in 2025.
However, the total damage to companies and institutions far exceeds that figure, reaching approximately $57 billion due to operational disruptions, data loss, and recovery costs.
The psychological pressure of paying or not
One of the most representative episodes in recent years affected the British Library in 2023. The attack paralyzed critical systems and caused prolonged service interruptions. Months later, the institution was still working to fully restore its operations.
Beyond the financial impact, ransomware generates considerable psychological pressure. Affected companies describe the experience as an extreme situation with a real risk of closure.
The decision to pay or not pay the ransom adds a complex strategic component, as meeting the demand can incentivize future attacks.
From isolated experiment to global industry
For years, ransomware remained a marginal threat due to the difficulties in monetizing the attacks. This scenario changed radically with the emergence of three key technological factors.
First, networks like Tor facilitated the anonymity of attackers. Second, the popularization of Bitcoin allowed for payments that were difficult to trace. And finally, the development of advanced encryption systems, especially asymmetric cryptography, made it possible to securely and personally lock data on each device.
Starting in 2013, these elements converged and transformed ransomware into a highly profitable business model. Then organized structures emerged, ransomware as a service (RaaS), and underground markets where ready-to-execute attack tools are traded.
By 2026, what began as an isolated action driven by a scientist has become one of the main threats to governments, businesses, and citizens.
In 1989, the concept of data hijacking for money was completely unknown. However, that year everything changed with Joseph L. Popp Jr., an evolutionary biologist with ties to the WHO who sent around 20,000 floppy disks to researchers and healthcare professionals in over 90 countries.
The content appeared to be an informative questionnaire aimed at assessing risk factors related to HIV at a time when the epidemic was causing great global concern.
Then, the file seemed like a useful and legitimate tool, although beneath that appearance, a malicious code was hidden. Once installed, the program remained inactive for a determined time, functioning like a bomb.
After several reboots, the system was locked, and the file names were modified, rendering access to the stored information useless.
The first digital hijack in history
The message that appeared on the screen was clear: to regain access, the user had to pay a “license” of $189 by sending the amount to a postal address in Panama.
This mechanism, rudimentary compared to current standards, already contained the essential elements of modern ransomware: data encryption or blocking and payment demand for its release.
The malware was named AIDS Trojan, and its impact was immediate. Although technically limited, it generated considerable alarm in the scientific community, and some organizations reacted drastically. In fact, an Italian organization focused on AIDS research went so far as to completely eliminate its computer systems, leading to a loss of a decade of accumulated work out of fear of infection.
Authorities quickly got to work and traced the origin of the attack, which concluded with the arrest of Popp, who was accused of extortion. However, his case took an unexpected turn when he was declared mentally incapable of facing trial.
According to various interpretations, his intention was not so much economic as to provoke reflection on the vulnerability of computer systems.
What is ransomware and why is it so destructive
Ransomware is a type of malicious software designed to prevent access to systems or data, usually through encryption techniques. The attackers subsequently demand a payment, usually in cryptocurrencies, in exchange for the key that allows the information to be recovered.
Over time, this model has evolved into more aggressive strategies. One of the most widespread is double extortion, where cybercriminals not only block files but also extract confidential information and threaten to make it public or sell it.
The economic impact is significant. Recent estimates place the attackers’ earnings at around $1 billion in 2025.
However, the total damage to companies and institutions far exceeds that figure, reaching approximately $57 billion due to operational disruptions, data loss, and recovery costs.
The psychological pressure of paying or not
One of the most representative episodes in recent years affected the British Library in 2023. The attack paralyzed critical systems and caused prolonged service interruptions. Months later, the institution was still working to fully restore its operations.
Beyond the financial impact, ransomware generates considerable psychological pressure. Affected companies describe the experience as an extreme situation with a real risk of closure.
The decision to pay or not pay the ransom adds a complex strategic component, as meeting the demand can incentivize future attacks.
From isolated experiment to global industry
For years, ransomware remained a marginal threat due to the difficulties in monetizing the attacks. This scenario changed radically with the emergence of three key technological factors.
First, networks like Tor facilitated the anonymity of attackers. Second, the popularization of Bitcoin allowed for payments that were difficult to trace. And finally, the development of advanced encryption systems, especially asymmetric cryptography, made it possible to securely and personally lock data on each device.
Starting in 2013, these elements converged and transformed ransomware into a highly profitable business model. Then organized structures emerged, ransomware as a service (RaaS), and underground markets where ready-to-execute attack tools are traded.
By 2026, what began as an isolated action driven by a scientist has become one of the main threats to governments, businesses, and citizens.
