The spectre of a cyber-attack crippling an entire economy with pandemic-like severity is no longer a distant fiction but a looming reality. This terrifying prospect underscores the explosive growth of ransomware, a form of cybercrime where hackers encrypt data and demand payment for its release, often coupled with threats to leak stolen information in a practice known as "double extortion." According to Anja Shortland, a professor of political economy at King’s College London, this criminal enterprise reaps around $1 billion annually for perpetrators but inflicts an estimated $57 billion in damages on victims by 2025, highlighting its disproportionate and devastating impact.
The Origins: A Stunt Gone Awry
The birth of ransomware traces back to 1989 with Joseph L Popp Jr, an evolutionary biologist working part-time for the World Health Organisation on the AIDS epidemic. After being denied a permanent position, Popp devised a malicious scheme to highlight the threat of computer viruses. He distributed 20,000 floppy discs containing a questionnaire on HIV risk, each embedded with a Trojan virus. Once activated, the malware rendered computers unusable until a $189 "licence fee" was paid to a PO box in Panama. Popp's primitive "AIDS Trojan" was quickly identified, leading to his arrest for blackmail. Intending to make a point rather than profit, he was horrified to learn that some targets, such as an Italian AIDS organisation, overreacted by wiping hard drives, losing a decade of critical data. Popp suffered a psychological collapse and was deemed unfit for trial, but his crude innovation paved the way for less scrupulous criminals to develop ransomware into a global business.
Evolution into a Thriving Criminal Industry
For years, technological limitations hindered ransomware's profitability, particularly in trading stolen data, likened by one reformed cybercriminal to "offering a 747 for sale at a flea market." However, three key breakthroughs transformed it into a lucrative industry: untraceable communications via the Tor protocol, the advent of decentralised currencies like Bitcoin, and asymmetric encryption, which generates unique keys for each infected computer. By 2013, Shortland notes, all preconditions for large-scale, profitable ransomware campaigns were in place.
Branding and Structure
Today, ransomware operates as a sophisticated criminal enterprise with branded software, affiliates handling extortion, and even structured operations featuring salaried employees, help desks, and human resources departments. Shortland describes criminal HR as a "fast-moving, high-stakes job," underscoring the industry's professionalisation. Yet, job security remains precarious, with operations frequently shutting down due to internal conflicts or law enforcement pressure, only to re-emerge under new guises.
High-Profile Attacks and Global Impact
Ransomware attacks have targeted critical infrastructure worldwide, with devastating consequences. In 2022, an attack paralysed much of Costa Rica's economy, costing an estimated half a billion dollars, possibly as a marketing ploy by the collapsing brand Conti. Healthcare systems are particularly vulnerable, turning ransomware into a lethal threat beyond mere economic crime. The British Library, hacked in October 2023, remains disrupted, illustrating the long-term damage of such incidents.
Psychological and Economic Toll
The disproportionate costs of refusing to pay ransoms create a collective action problem, incentivising compliance to minimise disruption. Victims often describe the experience as traumatic, with one comparing it to "suffocating, drowning – or both at the same time." This psychological burden, coupled with economic losses, exacerbates the crisis.
Geopolitical Dimensions and National Security
Russia has long been a hotbed for cybercrime, with figures like Dmitry Yuryevich Khoroshev, behind the LockBitSupp brand, exemplifying the arrogant and ruthless nature of perpetrators. Despite brief cooperation, such as Putin's raid on REvil in early 2022, the invasion of Ukraine halted further collaboration with the West. North Korea has also been active, as seen in the 2017 WannaCry virus that infected systems across 150 countries, including the NHS, Spanish telecoms, and German trains. These incidents, alongside Russia's NotPetya malware, have spurred western governments to treat ransomware as a national security priority.
The Future: AI-Enabled Cyberwar and Pandemic-Level Risks
Shortland warns of a nightmarish future where AI-enabled cyberwar could cause mass disruption, from deleting cloud server data to interfering with nuclear power stations. She argues that society is "mostly blind or indifferent" to these catastrophic risks, urging governments to enhance cyber-hygiene mandates, support victims, and pursue prosecutions. Drawing parallels to Covid-19, she suggests that defeating ransomware entirely may be unrealistic; instead, we must "agree on an acceptable level of risk and learn to live with the underlying threat."
In conclusion, ransomware has evolved from a crude stunt into a global menace, with the potential to bring economies to a standstill akin to a pandemic. Shortland's book, while more explanatory than entertaining, serves as a crucial wake-up call for policymakers and the public alike. As cyber threats escalate, preparedness and resilience become paramount in navigating this dark economy.



