Ransomware is a cybercrime idea as old as the computer itself. The idea is simple: break into a victim’s computer, encrypt all their files, and demand payment for decryption. That being said, the social dynamics at play during this interaction are anything but simple. Generally speaking, the cybercriminal has one goal: to get paid. In order for the victim to pay, they must trust that upon payment they will get their files back. This simple dichotomy gives rise to the Ransomware Trust Paradox
The Paradox
The Ransomware Trust Paradox, an idea coined by Max Smeets in April 2025, refers to the idea that inherently untrustworthy individuals or groups engaging in illegal access to often sensitive data must convince their victims of their trustworthiness to meet their ends (Smeets, 2025). This shows a marked difference between ransomware and other forms of both digital and conventional crime. Think about a bank robbery: both the robber and the ransomware operator have the same goal, to make money, but the bank robber is never trusted by the victim. Rather, they achieve their ends by force. What makes this idea so fascinating to me is the lengths ransomware groups will go to to secure trust from victims. To get an idea for this, let’s first look at the first ransomware, and see what is done differently today.
The First Ransomware
The story of the first ransomware is an interesting one, to say the least. It was created by Joseph Popp, an evolutionary biologist from Harvard working on AIDS research in the 80s. The malware was distributed by mailing 20,000 floppy discs to attendees to a WHO conference on, believe it or not, AIDS research (Kelly, 2021). Popp was quickly found and arrested, and while no one knows why he did this, his idea led to the creation of an entirely new criminal enterprise in ransomware. In premise, Popp’s ransomware worked on the same basic principle of ransomware today: infect a computer, encrypt everything, and demand payment for it back, but there were several key differences between Popp’s ransomware and modern ransomware. For one, his ransom note (the message telling victims what is happening and what they should do about it) was primitive and nowhere near visually appealing. On top of that, payment was asked to be sent to a PO Box in Panama (Kelly, 2021). There was no clear indication of who the money was being sent to, or how sending cash to Panama would allow one to get their files back. Put yourself in the shoes of a researcher in the 80s. You probably wouldn’t pay in this situation, right?
Ransomware Today
These days, there are plenty of ransomware groups following in Popp’s footsteps taking various approaches to gaining trust. One ransomware group, Darkside, states plainly in their ransom note that they are here to make money, and if they did not return on their promise to decrypt their victim’s data, no one would pay them going forward (Smeets, 2025). Another group, BlackCat, engages in anonymous “press releases” to clear up rumors about themselves. In this instance, various news outlets had misattributed attacks to BlackCat, and their “press release” attempted to clarify that they were not making any purely malicious attacks, their sole purpose was to make a deal and return the encrypted data (Smeets, 2025). Another vector of trust groups have exploited rests in User Interface (UI) design. If you’ve ever been on a website that looked extremely outdated or bombarded you with pop-ups, you know how important UI is in building trust. A clean, modern looking UI can help build trust with a user. During Conti’s time operating as a ransomware group, they exploited this by using a professional looking ransom note, and sleek payment portals that made victims feel like they were completing a legitimate business transaction. There are many other strategies too, including providing 24/7 customer support, and referring to victims as “customers” (Smeets, 2025).
Who Does Ransomware Target?
Keep in mind that ransomware groups exist for one reason: to make a profit. With that in mind, it seems intuitive that they should target big businesses. And that turns out to be the case, with the most commonly targeted sectors being manufacturing, healthcare, and construction (Arctic Wolf, n.d.). That being said, there are other reasons for these targets being such appealing targets. Firstly, they often have little security (Arctic Wolf, n.d.). These aren’t big tech companies, or cybersecurity agencies, these industries have little reason to know much about tech at all beyond the basics they need for the business to function. Additionally, they have little tolerance for downtime (Arctic Wolf, n.d.). In these sectors, every second counts, and companies are bleeding huge amounts of money all the time that their computers are down. This makes them more likely to pay ransom.
Overall, the Ransomware Trust Paradox is a theory that I find fascinating, the idea that criminal enterprises engaging in explicitly untrustworthy activities are exploiting trust to meet their ends is something never seen in the criminal world before the introduction of ransomware. Tracing ransomware from its roots reveals the importance of this paradox in the operations of modern ransomware groups, and helps us think about how to better defend against them. Going forward, individuals and corporations can use this idea to make better value judgments when they are hit by ransomware, and better understand how to defend themselves against it.
References
Kelly, S. M. (2021, May 16). The bizarre story of the inventor of ransomware. CNN. https://www.cnn.com/2021/05/16/tech/ransomware-joseph-popp
Ransomware Explained: Understanding the Ransomware Ecosystem. (n.d.). Arctic Wolf. Retrieved April 13, 2026, from https://arcticwolf.com/ransomware-explained-understanding-the-ransomware-ecosystem/
Shutterstock. (2024). Ransomware. In Ransomware explained: How it works and how to remove it.
Smeets, M. (2025). The Ransomware Trust Paradox. https://virtual-routes.org/wp-content/uploads/2025/04/Virtual-Routes-Pharos-Report-Series-No.-2.pdf
