When evolutionary biologist Joseph Popp coded the first documented piece of ransomware in 1989, he had little idea it would become a major criminal business model capable of bringing economies to their knees. Popp, who worked for the World Health Organization at the time, wanted to warn people about the dangers of ignoring health warnings, poor sexual hygiene and (human) virus transmission. He sent out 20,0000 floppy discs that, when loaded, flashed up a demand for money to regain files that had supposedly been encrypted (in fact, it was just their file names). He was later arrested and charged with 11 counts of blackmail, but declared mentally unfit to stand trial. In 1996, two Columbia University computer scientists published a paper explaining how criminals could use more sophisticated versions of Popp’s scheme to mount large-scale extortion operations. At the heart of this was malicious software that could be used to encrypt, block access to or steal a person or organisation’s files and data. However, two preconditions still had to be met for ransomware to become …