In May 2017, North Korean hackers — allegedly, from the infamous Lazarus Group — unleashed the WannaCry ransomware attack. The malicious code quickly spread to more than 200,000 computers, crippling technology in over 150 countries. Hospitals, railroads and schools were all hit. Locked out of their system, victims received demands for bitcoin payments, in order to buy back access to their data.
Ransomware: The New Disinformation
Malware whacks a computer like a mugging. Meanwhile, ransomware — the new gang on the corner — looks a lot like a kidnapping, taking digital files or whole computer networks hostage. Only a sizable, sometimes enormous payout, usually in cryptocurrencies, buys freedom. They are schemes to defraud and steal, and the intent is criminal.
Or is it much more than that?
Ransomware’s parallels with disinformation are striking. While most high-profile ransomware attacks are in the U.S., U.K., and Europe, the vast majority of attacks are in countries facing political instability, like in Latin America and Africa.
Many digital hostage-taking organizations originate from the same hotbeds where disinformation campaigns are generated, like Russia, Ukraine, North Korea, and the Philippines. Ransomware travels the same political divisions as disinformation campaigns, trafficking in the exploitation of economic inequality, fear of immigrants, and racial resentments to undermine public trust in institutions and belief in social stability.
Where disinformation uses noise and incoherence to sow doubt and spread division, ransomware does something similar: it, too, is an agent of chaos. It may look like just a way to make a crypto-buck, but its effects, very often intentional, are much more profound.
The attack put ransomware on the map, but companies and individuals have been painfully slow to shore up their systems against similar assaults. Ransomware attacks increased by 93% in the first six months of 2021 as compared to the same time last year, according to the cybersecurity company CheckPoint. JBS USA, one of the largest meat suppliers in the US, paid an $11 million ransom after a breach forced five of its plants to temporarily halt operations in May. The Japanese tech giants Fujifilm and Toshiba have both been hit this year. Even the Houston Rockets, an NBA basketball team, was a target.
While the motivations behind WannaCry and many similar ransomware attacks appear to be financial, ransomware has the potential to become a powerful geopolitical tool. We spoke with Jenny Jun, non-resident fellow at the Atlantic Council’s Cyber Statecraft Initiative about how ransomware can be used coercively against adversaries and hostile governments.
This conversation has been edited for length and clarity.
