Ransomware (noun) [Word Notes]

8 min

•Apr 21, 2026about 1 month ago

Summary

This Word Notes episode defines ransomware, tracing its evolution from the 1989 PC Cyborg attack to modern corporate extortion schemes worth nearly $1 million per incident. The episode explains how cryptocurrency enabled the professionalization of ransomware attacks and details the four revenue streams attackers now exploit, illustrated through a Mr. Robot scene depicting a fictional corporate ransomware crisis.

Insights

Cryptocurrency was the critical enabler that transformed ransomware from indiscriminate home user attacks into a sophisticated, profitable criminal enterprise targeting corporations
Modern ransomware attackers generate revenue through multiple extortion vectors beyond decryption: data suppression, competitive sale prevention, and eventual data resale regardless of payment
Ransomware has evolved from targeting individual users for hundreds of dollars to targeting corporate networks for million-dollar payouts, representing a fundamental shift in threat actor business models
The 1989 PC Cyborg case established the foundational ransomware pattern despite unclear motivations, demonstrating the concept's longevity and adaptability across three decades

Trends

Shift from indiscriminate consumer ransomware to targeted, high-value corporate extortionProfessionalization of ransomware-as-a-service criminal operations enabled by cryptocurrency anonymityEscalation of ransom demands from hundreds to nearly $1 million average by 2022Multi-vector extortion model expanding beyond encryption to include data theft, suppression, and resaleCorporate decision-making complexity around ransom payment versus system recovery costs and reputational damage

Topics

Ransomware definition and evolutionCryptocurrency's role in ransomware proliferationCorporate ransomware targeting and payment decisionsData encryption and decryption key economicsRansomware extortion vectors and revenue modelsHistorical ransomware incidents and originsThreat actor professionalization and business modelsFBI involvement in ransomware negotiationsSystem recovery versus ransom payment trade-offsRansomware in popular media and culture

Companies

CrowdStrike

Cited as source for analysis of cryptocurrency's role in enabling ransomware proliferation in early 2010s

Palo Alto Networks

Unit 42 threat intelligence team cited for June 2022 data showing average ransomware payment of nearly $1 million

World Health Organization

Recipients of 1989 PC Cyborg ransomware attack via floppy disks sent to AIDS conference attendees

People

Dr. Joseph Popp

Creator of first known ransomware attack in 1989, sent infected floppy disks to WHO AIDS conference

Tim Nodar

Writer of Word Notes episode

Rick Howard

Host and editor of Word Notes episode

Elliot Peltzman

Created mixed sound design and original music for episode

Peter Kilpie

Executive producer of Word Notes

Quotes

"malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key"

Rick Howard•Definition segment

"Cryptocurrency allowed attackers to receive victims' payments with a certain degree of anonymity"

Rick Howard (citing CrowdStrike analysis)•Origin and context segment

"as of June 2022, the average ransomware payment was just under $1 million"

Rick Howard (citing Unit 42/Palo Alto Networks)•Corporate evolution segment

"We can't afford this hack right now. And frankly, I think we can find $5.9 million in between our couch cushions. It's nothing."

Evil Corp CEO (Mr. Robot scene)•Mr. Robot reference

Full Transcript

You're listening to the Cyber Wire Network, powered by N2K. Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there. A free two-day virtual summit. The subject? Preemptive Security. Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like. A-list speakers will show you how organizations are disrupting attacks before they can blowtorch your day. You'll see how exposure management, MDR, and AI together let you make the decisive move. Registration is open at rapid7.brighttalk.com. The word is ransomware. Spelled ransom, as in a payment demanded for the release of something valuable, and ware, as in a type of software. Definition. malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key. Example sentence. The company was forced to choose between paying the ransomware attackers or rebuilding the systems from scratch. Origin and context One of the first known ransomware incidents occurred in 1989 when evolutionary biologist Dr Joseph Popp sent 20 floppy disks to members of the World Health Organization's AIDS conference. When the receiver inserted the floppy disk, the payload encrypted the names of files on the user's hard drive and asked the victim to send $189 to a PC Cyborg Corporation in order to receive a repair tool. Pop was arrested in the UK but was deemed mentally unfit to stand trial. His motivation is still unclear, though he claimed the profits would go to AIDS research. According to CrowdStrike, the advent of cryptocurrencies in the early 2010s paved the way for the proliferation and professionalization of ransomware attacks. Cryptocurrency allowed attackers to receive victims' payments with a certain degree of anonymity. Early strains of ransomware were typically indiscriminate, infecting individual home systems in exchange for a small ransom of a few hundred dollars. Over the years, however, threat actors shifted targets from the home internet user to the more lucrative corporate networks. According to Unit 42, Palo Alto Network's Threat Intelligence team, as of June 2022, the average ransomware payment was just under $1 million. As the new corporate model evolved, ransomware criminals found at least four ways to generate revenue from their victims. Number one, payment to unencrypt the data. Number two, payment to not make the stolen data public. Number three, payment to not sell the stolen data to competitors, slightly different than a public release. And finally, after receiving payments on the first three selling the stolen data anyway to whomever wants it nerd reference at the conclusion of season one of my favorite tv show about cyber security ever Mr. Robot, F Society, the hacktivist group that the two main characters belong to, Elliot, played by Rami Malek, and Darlene, Elliot's sister, played by Carly Chaikin, penetrates the e-commerce systems at eCore, aka EvilCore, and prevents access to all their customers' payment information. F Society displays a splash screen on every EvilCore employee's monitor, saying, your files are encrypted. To get the key to the crypt files, you have to pay $5.9 million. If payment is not made, we'll brick the entire system. Signed, F Society. And then it shows a countdown timer with less than 24 hours remaining. In this scene, Evil Corp's CTO, played by Brian Stokes Mitchell, the CEO, played by Michael Christopher, and the chief legal officer, played by Sandra and Holt, discussed their options. I was on the phone with the FBI all night. We can't confirm the sender, but the email we received is authentic. More than likely, the same hackers from the ransomware. Unbelievable. What are their demands again? $5.9 million. dollars 5.9 million dollars to be delivered to battery park city 9 p.m tonight no police if we want to pay the ransom the fbi will not sanction it We cannot negotiate with these people Our techs are looking into it We find a way to decrypt it and get the system How long? Five days. Tops. Five days for our banking system to be down. That's a lot of money down the drain. I don't even want to mention the optics. We can't afford this hack right now. And frankly, I think we can find $5.9 million in between our couch cushions. It's nothing. My opinion, as general counsel, is to pay it. Word Notes is written by Tim Nodar, executive produced by Peter Kilpie, and edited by John Petrick and me, Rick Howard. The mixed sound design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening. When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. GuardSquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how GuardSquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.