The AIDS Trojan and Father of the Ransomware

By Kerry Sapet, SDC CPAs, LLC

In 1989, during the World Health Organization’s AIDS conference, the world’s first ransomware virus was released. Ransomware is a piece of malicious software designed to infect a computer and prevent the user from accessing their files until a set of demands has been met.

This first ransomware virus, now known as the PC Cyborg virus or the AIDS Trojan, was distributed to a mailing list of 20,000 doctors and AIDS researchers. These researchers received a floppy disk that claimed to contain surveys for assessing AIDS patients but was, in fact, malware that would encrypt the computer’s files and promise to restore them after the user sent the PC Cyborg Corporation a check for $189.00.

The PC Cyborg Corporation, responsible for spreading the AIDS Trojan, was actually just one man—Joseph Popp, now known as the father of ransomware. Joseph Popp was a disgruntled evolutionary biologist who reportedly spread the AIDS Trojan as retribution after being rejected for a position in the World Health Organization.

The doctors and researchers who received the virus had little experience with computers and the scareware elements of the AIDS Trojan (flashing screens, angry colors, and ominous phrases like “Catastrophic System Error”) made them panic and give in to demands or delete files and lose years of data.

While the virus was fairly weak and had a relatively small impact, it was one of the first pieces of malware to employ Trojan and ransomware tactics. The effectiveness of the virus as a whole was hampered by the nature of the demands—requiring a check sent to a P.O. Box in Panama.

The language used in the program was muddled and the encryption measures were not particularly sophisticated, but the virus used some clever tricks—such as a delayed onset and scare tactics to coerce a population with minimal knowledge of computers. In 1990, programs were distributed to decrypt affected files and remove the virus, making it a fairly short-lived threat. The tactics used in the AIDS Trojan did, however, become a model for future

Now ransomware has become incredibly sophisticated and effective, with attacks garnering more than $1 billion each year. The average ransomware attack costs a business more than $130,000.00, making it one of the more costly forms of cyber fraud. With cyber security measures and fraud prevention training, businesses can protect themselves from these attacks.

If you would like more information about this subject, please contact Kerry Sapet at 630.820.5770 or

This is a publication of Southern Loss Association, Inc., P.O. Box 421564, Atlanta, GA 30342. The articles published on this website are in a general format and are not intended to be legal advice applicable to any specific circumstances. Legal opinions may vary when based on subtle factual differences. All rights reserved.