A floppy disk in the mail launched the world's first ransomware attack 35 years ago

World's first ransomware attack launched via floppy disk by Dr. Joseph L. A. Popp.

: On January 1, 1990, Dr. Joseph Lewis Andrew Popp Jr. launched the first-ever ransomware attack using a 5.25-inch floppy disk. Known as the AIDS Information diskette, it targeted approximately 20,000 people, exploiting AIDS epidemic fears. John Sutcliffe and Jim Bates developed counter tools called AIDSOUT and AIDSCLEAR to combat the attack. Dr. Popp's eccentric behavior led to his confinement in a psychiatric hospital instead of a prison sentence.

At the dawn of the 1990s, Dr. Joseph Lewis Andrew Popp Jr., an American biologist, executed what is now recognized as the inaugural ransomware attack. Using a 5.25-inch floppy disk labeled "AIDS Information – Introductory Diskette 2.0," Popp reached approximately 20,000 victims, tapping into widespread fears surrounding the AIDS epidemic.

The attack did not encrypt files but file names, which was a vulnerability exploited by John Sutcliffe and Jim Bates, who quickly developed the software tools AIDSOUT and AIDSCLEAR to mitigate the ransomware's impact. Despite these efforts, significant data losses occurred, such as an Italian health organization's ten years' worth of research data destroyed by Popp's malware.

After being captured and extradited, Dr. Popp exhibited an array of bizarre behaviors, which led to his assessment as mentally unfit for trial and subsequent treatment in Maudsley Hospital. Despite questions about his mental health, the financial layout and sophistication of the scheme indicated a calculated plan with substantial expected gains.