WannaCry (2017)
Reveton (2012)
CryptoLocker (2013)
Petya (2016)
Choose wisely! The correct answer, the explanation, and an intriguing story await.
Correct Answer: CryptoLocker (2013)

A brief explanation why

In the world of cybersecurity, ransomware is a well-known menace, but its evolution into the era of cryptocurrencies marked a major turning point. The first ransomware attack to demand payment specifically in Bitcoin was CryptoLocker, which emerged in September 2013.

CryptoLocker was a game-changer in cybercrime history. It used strong encryption (RSA-2048) to lock users' files and demanded payment in Bitcoin, at the time a relatively obscure digital currency, in exchange for decryption.

Victims were typically infected through malicious email attachments, often disguised as legitimate business communications. Once activated, CryptoLocker would scan the victim's drives for common file types and encrypt them, rendering personal and business data unusable.

Before CryptoLocker, ransomware had already existed in simpler forms. One example is Reveton (2012), often called "police ransomware." It would lock a user's screen and claim to be from a law enforcement agency, demanding payment via prepaid cards or vouchers like Ukash. While disruptive, it lacked encryption and didn't yet leverage cryptocurrencies.

Unlike traditional financial channels, Bitcoin provided pseudonymity, global accessibility, and ease of automation for attackers. This innovation inspired a wave of future ransomware variants and firmly established Bitcoin (and other cryptocurrencies) as standard tools in cybercriminal toolkits.

Several infamous ransomware variants followed in CryptoLocker's footsteps:

  • Petya (2016) took the game further by overwriting a system's master boot record (MBR) and encrypting the file system itself. It also used Bitcoin for ransom payments, but arrived years after CryptoLocker.
  • WannaCry (2017), perhaps the most infamous ransomware attack in history, caused global disruption by exploiting a Windows vulnerability. It also demanded Bitcoin, but its scale and method were more advanced – and again, it wasn't the first.

Each of these ransomware families used Bitcoin, but CryptoLocker was the one that made it the new normal.

While law enforcement eventually took down some of CryptoLocker's infrastructure, its success showed the world how effective and lucrative crypto-powered ransomware could be – setting the stage for today's complex ransomware-as-a-service (RaaS) operations.