Ransomware, rogue software which encrypt data on your hard disk and demand payment in bitcoins to restore it, have been on the rise recently. Hospitals, police stations and universities have been the recent targets of ransomware.

What exactly are the causes of the increase in ransomware and did Bitcoin lead to its birth?

Craig Williams, Senior Technical Leader of Cisco Talo, says:

“The ability to demand payment in bitcoin, a difficult-to-trace virtual currency not controlled by any country, was 'basically the birth of ransomware' and has helped drive its success since the currency's introduction in 2009.”

Early cases of ransomware

Malware has actually been around for ages. Brain, one of the first PC-based malware, spread through floppy disks and was discovered in 1986. The advent of the internet and email only led to new ways of propagation.

One of the early cases of ransomware (a class of malware, which encrypts file and demands ransom) is the AIDS Info Disk, which has been around since 1989.

This ransomware demanded payment to be made to PC Cyborg Corporation for renewal of licence. The payment was asked to be sent to a post office box in Panama.


Cryptolocker, which was first seen in 2013, gained notoriety by infecting over 250,000 computers. The industry's best practices were implemented in this ransomware.

Instead of using a custom cryptographic implementation, cryptolocker used strong cryptography offered by Microsoft's CryptoAPI, which made the program robust.

Payment was also demanded in bitcoins, which made it difficult to trace. Infected users were asked to pay ~$300 worth of bitcoins and the total estimated amount extorted by the operators of this scheme is more than $3 million.

Increase in ransomware in 2016

There has been a sharp increase in ransomware and ransom payments in 2016, with an estimated total of more than $200 million being paid in the first 3 months of the year.

Payments demanded from organizations are larger – in the range of $10,000 to $20,000 and the operators even have call centers set up to assist the victims in making payment.

The latest strain, Samas, which has targeted hospitals, exploits vulnerabilities, giving it entry into Jboss application servers. While the instances of ransomware have increased, it would be wrong to blame Bitcoin for the increase.

Bitcoin is just technology, like email and the internet; nobody blames the internet for cyber crimes anymore.