The History and Evolution of Computer Viruses, Malware and Ransomware


Top 10 Most Expensive Viruses in History

  1. MyDoom – $38 billion
  2. Sobig – $30 billion
  3. Klez – $19.8 billion
  4. ILOVEYOU – $15 billion
  5. WannaCry – $4 billion
  6. Zeus – $3 billion
  7. Code Red – $2.4 billion
  8. Slammer – $1.2 billion
  9. CryptoLocker – $665 million
  10. Sasser – $500 million

The Dawn of Digital Malfeasance

In order to truly understand the progression and implications of computer viruses, malware, and ransomware, we must journey back to the dawn of the digital age. The first recognized computer virus was not as malicious as today’s myriad threats, but rather an experiment in artificial life and machine reproduction.

In 1971, Bob Thomas, a programmer at BBN Technologies, created the Creeper virus, an experimental, self-duplicating program designed to demonstrate the concept of a mobile application. Creeper’s functionality was quite simple: it hopped between DEC PDP-10 computers running the TENEX operating system via the ARPANET (the precursor to the modern internet), displaying the message, “I’m the creeper, catch me if you can!” Contrary to most of today’s viruses, Creeper didn’t alter or delete files, but it did cause system slowdowns due to its relentless reproduction.

Later, in 1974, a more malevolent self-replicating program was released. Called the “Wabbit” virus, this program would spawn copies of itself, consuming system resources until the computer ultimately crashed. The Wabbit was a harbinger of a darker era to come, where malicious software would be designed with harmful intent, rather than merely for exploration or demonstration purposes.



The Rise of Viruses and Worms

The 1980s brought an explosion of personal computing and, with it, a new era of computer viruses. One of the most notable of this time was the Brain virus, credited as the first PC virus in the wild. Developed in 1986 by the Farooq Alvi brothers in Pakistan, Brain was a boot sector virus designed to protect their medical software from piracy, but it ended up spreading globally through floppy disks.

The Morris Worm, unleashed in 1988 by Robert Tappan Morris, was one of the earliest and most infamous internet worms. The worm was purportedly designed to gauge the size of the internet, but a coding error caused it to replicate and spread exponentially, resulting in slowed-down or entirely inoperable systems. An estimated 6,000 computers were affected, a significant number considering the relatively small size of the internet at that time.



Top 5 Most Infamous Malware

  2. MyDoom
  3. Zeus Trojan
  4. CryptoLocker
  5. Emotet Trojan

The Emergence of Malware and Spyware

The term “malware” was coined in the 1990s to describe software designed with the intent to cause harm to a computer system, user, or network. One infamous example is the ILOVEYOU virus, a worm that spread via email in 2000. Masquerading as a love confession, the ILOVEYOU virus would overwrite files, including system files, making the computer unbootable. It affected millions of computers and caused billions of dollars in damages, showcasing the enormous potential impact of malicious software.

Spyware, a subcategory of malware designed to spy on users, collecting their personal and confidential information without consent, also began to proliferate in the late 1990s and early 2000s. Programs like CoolWebSearch diverted victims’ web browsers to unwanted websites, monitored browsing habits, and installed additional software, often disrupting system operations.



The Advent and Evolution of Ransomware

Ransomware, a malicious program that encrypts the victim’s files and demands a ransom to decrypt them, emerged as a significant threat in the late 2000s and has evolved rapidly since. The first known ransomware, known as the AIDS Trojan or PC Cyborg, was created by biologist Joseph L. Popp in 1989. The trojan would hide directories and encrypt the names of all files on the C drive, making the system unusable, before demanding a ransom to reverse the process.

In the early days, ransomware was relatively simple and often relied on scare tactics rather than actual encryption. For instance, the 2012 Reveton ransomware would lock users’ screens and display a message claiming to be from a law enforcement agency, stating that illegal activity had been detected on the computer, and a fine had to be paid.

However, modern ransomware, like the infamous WannaCry and Petya/NotPetya, has become much more sophisticated and destructive. These viruses not only encrypt users’ files but also exploit vulnerabilities in Windows’ SMB (Server Message Block) protocol to spread across networks, causing widespread damage.



Are you protected?

As you’re reading this article, if you’re thinking about your current disaster recovery plan(s) and how they could be improved, and simplified, when it comes to your IT servers, then contact us today.  Click the “Contact Us” at the top and send an email to our “Sales” team to discuss how BBG’s Disaster Recovery as a Service is the best in the industry.



The Age of Advanced Persistent Threats

As we entered the 2010s, the landscape of cyber threats took a significant turn towards state-sponsored attacks and Advanced Persistent Threats (APTs). In 2010, the Stuxnet worm became a game-changer in cybersecurity. Believed to be a joint effort by the US and Israel, Stuxnet was specifically designed to sabotage Iran’s nuclear program. It showed how a virus could cause real-world, physical damage, marking a new era of cyber warfare.

Another infamous APT is the Equation Group, which cybersecurity firm Kaspersky Labs uncovered in 2015. Widely suspected to be a part of the US National Security Agency (NSA), the Equation Group was responsible for a series of sophisticated and damaging attacks, demonstrating advanced techniques, tools, and capabilities.



Evolution of Ransomware

Over the past decade, ransomware has developed into one of the most prominent cyber threats. The evolution from scareware and locker ransomware to crypto-ransomware began in earnest in 2013 with the appearance of CryptoLocker. This Trojan horse propagated via a malicious email attachment and used advanced cryptographic techniques to encrypt files on the victim’s hard drive. It then demanded a Bitcoin ransom to decrypt the files, leveraging the anonymity of cryptocurrency for obfuscation.

WannaCry, a ransomware worm that emerged in May 2017, highlighted the next stage of ransomware evolution. It exploited a vulnerability in Microsoft Windows, known as EternalBlue, which the NSA initially discovered and Equation Group reportedly leaked. The attack infected over 200,000 computers across 150 countries, encrypting user data and demanding Bitcoin payment, resulting in hundreds of millions to billions of dollars in damages.



Modern Tactics and Techniques

The current landscape of computer viruses, malware, and ransomware is ever-changing, as hackers employ new tactics to exploit systems and users. One such trend is the rise of fileless malware, which uses legitimate programs to infect a system, making it harder to detect and remove.

Phishing attacks have also grown increasingly sophisticated, using social engineering to trick users into revealing sensitive information or downloading malware. Spear-phishing, a targeted form of phishing, involves highly personalized emails designed to deceive specific individuals or companies, often leading to significant breaches.

Ransomware continues to evolve, with threats like Ryuk and Sodinokibi (also known as REvil) causing widespread disruptions. These ransomware strains often target large organizations and employ tactics like “double extortion,” which involves not only encrypting the victim’s files but also threatening to release sensitive data publicly if the ransom is not paid.

Supply chain attacks have become another prominent threat, where hackers infiltrate a system through an outside partner or service provider with access to the system. The SolarWinds attack in 2020 is a prominent example, where malicious code was inserted into the software update mechanism for the SolarWinds Orion platform, leading to a widespread and high-profile breach.



The Economic Impact of Malware

The economic implications of computer viruses, malware, and ransomware are significant. The exact cost is difficult to measure due to factors such as indirect costs, the impact on brand reputation, and loss of consumer trust, but conservative estimates run into billions of dollars annually.

The 2017 WannaCry ransomware attack, for instance, is estimated to have caused financial damages between hundreds of millions to billions of dollars, affecting large organizations such as the NHS in the UK. Similarly, the NotPetya attack that hit multiple companies, including shipping giant Maersk and pharmaceutical company Merck, resulted in estimated damages of over $10 billion.

Cybersecurity Ventures predicted in 2019 that cybercrime, including all damages associated with malicious software, would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This makes it one of the greatest financial risks associated with modern technology.



The Future of Malware

Despite the efforts of the cybersecurity industry, the threat posed by malware, viruses, and ransomware is unlikely to recede in the future. The progression of technology, such as the Internet of Things (IoT) and advancements in artificial intelligence and machine learning, presents new opportunities for hackers to exploit.

AI, in particular, poses a dual risk. On one hand, AI systems can be used to detect and defend against cyber threats more effectively, but on the other, they can also be employed by hackers to launch more sophisticated attacks. For instance, deepfake technology can be used in spear-phishing attacks to create more convincing fake identities or messages.

With the increased connectivity of the IoT, more devices than ever before are online and potentially vulnerable. Everything from refrigerators to industrial control systems can be targeted, with potentially devastating real-world impacts.

Another area of concern is the cloud. As more businesses migrate their operations and data to the cloud, these platforms become attractive targets for cybercriminals. While cloud providers often have robust security measures in place, the responsibility for security is shared with the user, and human error or poor security practices can still lead to significant breaches.



The Role of Cyber Hygiene and Education

The history of computer viruses, malware, and ransomware also underscores the crucial role of cyber hygiene and education. Many of the most damaging attacks rely on exploiting human error, such as clicking on a phishing link or failing to install critical software updates.

Teaching users to recognize and avoid common cyber threats, use strong, unique passwords, and regularly back up their data can go a long way towards mitigating the risk of malware. Similarly, organizations must invest in cybersecurity measures, such as regular audits, penetration testing, and employee training.




The history of computer viruses, malware, and ransomware is a testament to the continuous arms race between cybersecurity professionals and cybercriminals. From the first experimental viruses of the 1970s to the state-sponsored APTs and sophisticated ransomware of today, the threat landscape has evolved dramatically.

As technology continues to progress, the tools and tactics employed by cybercriminals will undoubtedly become more sophisticated. It underscores the need for constant vigilance, education, and investment in cybersecurity measures to protect against these evolving threats.

In retrospect, this history also serves as a reminder of the ethical implications of digital technology. The story of malware is ultimately a story about human intentions, with the potential for both great harm and great good residing in the same lines of code.