A History of Computer Viruses and Ransomware


These days, a headline like “a hospital hit by ransomware had to stop treating patients” no longer feels unusual. We live in an era where someone really can encrypt all of your files and demand money to set them free. Yet malicious programs did not start out as money-making tools. In the beginning, they were closer to curiosity and pranks.

Today let’s follow, in chronological order, how malicious software evolved from the very first computer virus in 1971 all the way to the major ransomware outbreak that shook the world in 2017. Think of this post as a companion piece to my earlier article, What Is a Hacker.

Let’s sort out the terms first

Before we dig in, let’s quickly clear up a few terms that often get confused. Collectively, all of these are called “malware,” meaning malicious software.

  • Virus: a program that spreads by secretly inserting its own code into other legitimate files. It only springs to life when you run an infected file, much like a biological virus that needs a host to live in.
  • Worm: a program that does not attach itself to other files but spreads on its own across the network. It moves to the next computer by itself, without you having to run anything separately.
  • Trojan horse: a program that disguises itself as a useful, legitimate one so that you install it yourself. It does not replicate on its own, but once it gets in, it leaves a back door open.
  • Ransomware: a program that encrypts your files so you can’t use them, then demands money in exchange for releasing them. The name comes from the English word “ransom.”

Now, with these terms in mind, let’s meet our first character.

1971: Creeper, the first self-replicating program

The program most often cited as the first self-replicating one is Creeper, from 1971. It was created by Bob Thomas at a company called BBN, and it traveled between computers connected to ARPANET, which you could call the prototype of today’s internet.

Creeper displayed this message on the screen of every computer it infected: “I’M THE CREEPER : CATCH ME IF YOU CAN.” It did not corrupt data or steal information. Rather than malice, it was closer to an experiment testing a question: “Is a program that copies itself actually possible?”

What’s interesting is that the program built to remove Creeper — called Reaper — is regarded as effectively the first antivirus software. In a sense, malicious programs and the tools built to fight them were born almost simultaneously.

1986: Brain, the first PC virus

If Creeper was a story about large computers, Brain, from 1986, is called the first virus of the personal computer (PC) era that we are familiar with. It is famous for the story that it was created by the Alvi brothers, Basit and Amjad, who ran a computer shop in Lahore, Pakistan. At the time, the two were said to be 17 and 24 years old.

What’s intriguing is the motive. The brothers said they created the virus to prevent the medical software they had developed from being illegally copied. Brain spread by planting itself in the boot sector of floppy disks, and the code even contained the brothers’ names, their shop address, and a phone number. The idea was that if someone who had made an illegal copy contacted them, they would fix the disk.

The problem was that the virus spread far beyond the brothers’ expectations. Calls poured in from the United States, the United Kingdom, and elsewhere around the world saying “please fix my computer,” and the brothers were reportedly quite taken aback. It was the first time people truly grasped how fast and how far self-replicating code could travel.

1988: The Morris Worm that brought the internet to a halt

The first case to cause serious damage was the Morris Worm of 1988. It was created by Robert Morris, then a graduate student at Cornell University, and it began spreading on November 2, 1988.

Morris stated that his intent was to measure the size of the internet, but the code had a flaw: the worm reinfected the same computer over and over, rapidly consuming system resources. As a result, of the roughly 60,000 machines connected to the internet at the time, around 6,000 — about 10 percent — were infected and effectively paralyzed within 24 hours.

This incident was more than a technical shock. Morris became the first person convicted under the U.S. Computer Fraud and Abuse Act, enacted in 1986 — marking the beginning of an era in which computer crime was dealt with in court. He was sentenced to three years of probation, 400 hours of community service, and a fine.

2000: The world brought down by a single line saying “I love you”

In 2000, a worm named ILOVEYOU appeared. Beginning to spread around May 4, it propagated explosively through email.

Its method targeted people’s hearts. The email subject was “ILOVEYOU,” and the attachment was named “LOVE-LETTER-FOR-YOU.TXT.vbs.” It looked like a text love letter, but it was actually an executable file. When someone opened the attachment out of curiosity, the worm automatically sent the same email to every contact in that person’s address book.

This technique, which spreads by exploiting human psychology, is called “social engineering.” The result was staggering. Tens of millions of infections were reported within ten days, and an estimated 10 percent of internet-connected computers worldwide were affected. Later estimates put the damage at around 10 billion dollars. The worm’s creator was Onel de Guzman, a student in the Philippines, but at the time the Philippines had no law adequate to prosecute such acts, so he ultimately faced no charges.
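As an added example (not code from the original post), here is one way a mail filter or triage script could flag the disguise ILOVEYOU relied on: an attachment whose last extension is executable while the one before it looks like a harmless document. It goes slightly beyond the single filename above by also handling padding and trailing dots; the extension lists and function names are illustrative assumptions, not a complete policy.

```python
import os

# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".exe",
                   ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".lnk"}
# Extensions most users read as harmless documents or media (illustrative).
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".xls", ".xlsx",
              ".jpg", ".png", ".gif", ".mp3"}


def classify_attachment(filename):
    """Return 'deceptive', 'executable' or 'ok' for an attachment name."""
    # Keep only the file name, whichever path separator the sender used.
    name = os.path.basename(filename.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so strip them before judging.
    name = name.rstrip(". ").lower()
    stem, last_ext = os.path.splitext(name)
    if last_ext not in EXECUTABLE_EXTS:
        return "ok"
    # Look at the extension hiding in front of the real one. Padding such as
    # "invoice.pdf      .exe" pushes the real extension out of view, so strip it.
    _, inner_ext = os.path.splitext(stem.rstrip(". "))
    if inner_ext in DECOY_EXTS:
        return "deceptive"
    return "executable"


def triage(filenames):
    """Map each non-'ok' attachment name to its verdict."""
    verdicts = {}
    for fn in filenames:
        verdict = classify_attachment(fn)
        if verdict != "ok":
            verdicts[fn] = verdict
    return verdicts


# Constructed sample input: the first name is the one quoted in this post,
# the rest are made up for the example.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "report.final.docx",
    "invoice.pdf      .exe",
    "photo.jpg.scr. ",
    "setup.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for fn, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10s} {fn!r}")
```

Windows hides known file extensions by default, which is why the trailing `.vbs` was so easy to miss.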

2017: The age of chasing money, and WannaCry

If everything up to this point belonged to an age of curiosity and showing off, the tone changes completely after this. With the emergence of cryptocurrencies like Bitcoin, a path opened up to collect money in ways that are hard to trace. That is exactly why ransomware appeared.

The representative case of ransomware is WannaCry, from May 2017. WannaCry used an attack tool called EternalBlue that targeted a Windows security vulnerability. This tool was originally developed by the U.S. National Security Agency (NSA), but after it was leaked to a hacker group, it was abused for crime.

WannaCry encrypted all the files on an infected computer and threatened to release them only if the equivalent of 300 dollars in Bitcoin was sent. Because it spread across the network on its own like a worm, its reach was terrifying. According to a tally by the European police agency Europol, around 200,000 computers in about 150 countries were infected. The United Kingdom’s National Health Service (NHS) was especially hard hit: hospital computers and medical equipment stopped working, and more than 19,000 appointments were canceled.

What’s even more notable is the trend that followed. Today, ransomware has moved beyond something individuals create as a hobby and now operates like a business. One group builds the attack tools, and separate operators rent them to carry out attacks — a model known as Ransomware as a Service (RaaS). Just as legitimate IT services are sold on a subscription model, criminal tools are now rented out the same way.

Wrapping up

In the beginning, Creeper and Brain started from curiosity and a bit of mischief — a sense of “wait, this actually works?” The Morris Worm and ILOVEYOU revealed just how large that impact could become, and by the time WannaCry arrived, malware had clearly transformed into organized crime in pursuit of money. Over the span of 50 years, malicious software evolved from an experiment into a business.

Interestingly, though, the basic defenses against this frightening evolution are surprisingly simple. First, always keep your operating system and programs up to date. The Windows vulnerability that WannaCry exploited already had a security patch available before the attack happened — meaning it could have been blocked if people had updated in time. Second, back up your important files to a separate location. Even if ransomware encrypts your files, having a copy elsewhere means there is no reason to pay.

Before any flashy security technology, the two fundamentals — updating and backing up — remain the strongest line of defense. In the next post, we’ll cover concrete ways for individuals to protect themselves from these threats in everyday life.
