Groups linked to Iran rattle Israeli confidence by seeking to cause panic and doubt through computer infiltrations

Every week approximately a thousand institutions in Israel are hit with a cyberattack. It is a constant barrage of computer infiltrations. Most are ransomware attacks, and the motive was money.

Until recently.

In 2021, several incidents featured attackers demanding ransom, but their behavior ran counter to typical ransomware heists and suggested that lurking beneath the surface, they had different goals. They made their demands with extroverted gusto, like they intended their crime to be a public act. The targets were mainly mid-sized companies such as dating apps and insurance companies, large enough to cause public concern but not large enough to spark action from the Israeli state. Most telling, the groups behind the attacks have been linked to Iran to varying degrees.

Malware whacks a computer like a mugging. Meanwhile, ransomware — the new gang on the corner — looks a lot like a kidnapping, taking digital files or whole computer networks hostage. Only a sizable, sometimes enormous payout, usually in cryptocurrencies, buys freedom. They are schemes to defraud and steal, and the intent is criminal.

Or is it much more than that?

Ransomware’s parallels with disinformation are striking. While most high-profile ransomware attacks are in the U.S., U.K., and Europe, the vast majority of attacks are in countries facing political instability, like in Latin America and Africa.

Many digital hostage-taking organizations originate from the same hotbeds where disinformation campaigns are generated, like Russia, Ukraine, North Korea, and the Philippines. Ransomware travels the same political divisions as disinformation campaigns, trafficking in the exploitation of economic inequality, fear of immigrants, and racial resentments to undermine public trust in institutions and belief in social stability.

Where disinformation uses noise and incoherence to sow doubt and spread division, ransomware does something similar: it, too, is an agent of chaos. It may look like just a way to make a crypto-buck, but its effects, very often intentional, are much more profound.

“I call this a hybrid threat. There are attacks that are considered political-cyber-offensive, which are by states or by non-state actors but with a political agenda,” said Gabi Siboni, the head of the cyber security program at The Jerusalem Institute for Strategy and Security. “And there are cyber criminals. But what you can see is that it's getting mixed.”

In Israel, ransomware attacks against private companies pose a new kind of national security threat

Ransomware: The New Disinformation

More

What to read next:

Was a Russian forest wargame a plot to bomb the World Cup?

QAnon followers think Trump will be back in the White House by March

The club that wants Russia to take over the world

The year in Russian disinformation campaigns

TikTok sees a surge in anti-protest disinformation in Russia

Pepe the Frog, human trafficking and secret cabals — QAnon’s take on the RNC

Top stories

'Undercurrents: Tech, Tyrants and Us,' a new podcast series

For migrants under 24/7 surveillance, the UK feels like ‘an outside prison’

In Russia, the ‘worst is happening in the present’

How tech design is always political

Silicon Savanna: The workers taking on Africa's digital sweatshops