Friday, May 8, 2026

NotPetya: Encryption Enrichment

 

“Dark Screens

 

By Anja Shortland

 

PublicAffairs, 288 pages, $30

 

In 2017, a piece of Russian malware called NotPetya targeted Ukraine via a popular piece of accounting software. Soon NotPetya halted operations at nearly one-third of Ukraine's banks; Ukrainian newspapers, as well as transportation and energy firms, were significantly disrupted. But the accounting software was also used by other entities around the globe, including the shipping giant Maersk.

 

As Anja Shortland tells us in "Dark Screens," one employee at Maersk's head office in Copenhagen recalls "the surreal experience of watching his open-plan office going offline in a matter of seconds: 'I saw a wave of screens turning black. Black, black, black.' Within seven minutes, fifty-five thousand Maersk devices were locked." The company operated in pen-and-paper mode for more than a week. Globally, the virus is estimated to have cost some $10 billion in damages.

 

Welcome to the world of ransomware, where institutions may be crippled in seconds by cyber gangs that encrypt an entity's data and demand money to unlock it. The consequences of not complying range from inconvenient to fatal. The British Library, where I wrote several books, declined to pay such a ransom in 2023; its systems still have not completely recovered, but basic library operations continue. When attackers target hospitals, however, people die. A 2023 study, Ms. Shortland tells us, showed that "in-hospital mortality rates for Medicare patients" during ransomware attacks rose by around 35% to 41%.

 

But killing people is bad for business. And a business is certainly what ransomware outfits are. In this fascinating and forensic book, Ms. Shortland, a professor of political economy at King's College London, reveals them as a sector of the economy that is as concerned as legitimate companies are with brand reputation and customer service. But in this case the customers are also the victims. When the author subtitles one chapter "Innovations for Safe and Profitable Ransomware," she is being wry but accurate: It is in everyone's interest that such transactions go as smoothly as buying a subscription to Microsoft Office.

 

Early ransomware attempts were not without their teething troubles. On its release in 2013, the pioneering malware Cryptolocker was vulnerable to being deleted by an antivirus program after the target's files were encrypted, leaving no way for the attackers to go back into the system to release the hostage, so to speak. Victims were therefore told to reinstall the malware so that their files could then be unlocked.

 

The Cryptolocker mastermind was eventually identified as Evgeniy Bogachev, a Russian national known to be fond of luxury cars and yachting on the Black Sea. Luckily for him, in Russia "cybercrime is only a crime if the victims are Russians on Russian soil," Ms. Shortland tells us, and Mr. Bogachev had been careful not to cross that line -- so the Russians refused the FBI's request for extradition.

 

Most early ransomware originated in Russia, but not because it was all operated by the Russian mob or Russian security services. As Ms. Shortland explains, at the turn of the millennium talented young computer programmers in Russia did not have the opportunities for legitimate enrichment enjoyed by their peers in Silicon Valley; instead they faced the choice of either performing low-paid work for the security services or turning to crime.

 

Ransomware itself gradually became a species of "software as a service." Starting with the 2016 cyberattack on the Hollywood Presbyterian Medical Center and other healthcare providers by a virus named Locky, the business model became one in which the code to encrypt files and the subsequent automated payment system could be used off-the-shelf by third-party "affiliates," the ones who originally penetrated target systems via hacked passwords or email scams. The affiliates would in turn kick back a percentage of the proceeds to the designers of the ransomware code. Ransomware brands competed with one another on their "ethical profile" (attacking healthcare was soon deprecated) and the "trust" that affiliates could place in their "aftercare duty."

 

Meanwhile, a new ecosystem grew up around the victims. In the U.S., those who were hesitant about paying off criminals could instead hire companies that promised to decrypt their files for a multiple of the ransom. As it turned out, some of these companies would turn around, pay the ransom to the criminals, then pocket the difference. More legitimate consultancies put hostage negotiators together with information-technology experts and insurers to offer personalized crisis-response services. This all added handsomely to the nation's gross domestic product but, in Ms. Shortland's account, it only exacerbated a "vicious cycle": Since paying a ransom was much quicker than restoring from a backup, the advice was still usually to pay.

 

The ransomware business itself, ever evolving, now usually includes an element of "data exfiltration extortion," whereby criminals will threaten to release sensitive data stolen from the target's database. Cleverly, they will set their ransoms below the amount a company would face in fines if the data were leaked. As one attacker explained cheerfully in a chat to a victim: "Do not want to pay us -- pay x10 times more to the government. No problems."

 

Ransomware's global cost in 2025 was estimated at $57 billion. Anthropic's new Mythos AI tool can allegedly hack a system by itself, though that might help companies repair holes in their defenses before hackers can exploit them. Ms. Shortland argues that, much as we could not eliminate Covid-19 but had to learn to mitigate its effects and then live with it, we must accept that ransomware is endemic. Experts, she says, need to focus on increasing the resilience of critical infrastructure and government bureaucracies. "It would be very reassuring to know that a well-developed emergency plan exists for the potential of an economy-wide or regional standstill predicted by cybersecurity experts," Ms. Shortland writes. While we nervously await such reassurance, we should probably change our passwords.

 

---

 

Mr. Poole is the author of "Rethink: The Surprising History of New Ideas."” [1]

 

1. Encryption Enrichment. Poole, Steven. Wall Street Journal, Eastern edition; New York, N.Y. 07 May 2026: A15.
