Hackers played a significant role in the 2016 US election, when the Russian government hacked into the Democratic campaign and ran an information operation that dominated national headlines. American law enforcement, intelligence services, and even Republican lawmakers have concluded, repeatedly, that Moscow sought to interfere with the election in favor of Donald Trump.

Meanwhile, in the last four years, ransomware has exploded into a multibillion-dollar business. It’s a type of malware that hackers use to restrict access to data or machines until they’re paid ransoms that can run into the tens of millions of dollars. There’s now a global extortion industry built on the fact that the critical infrastructure and digital systems we rely on are deeply vulnerable. 

Put those two things together, and you get the nightmare scenario many election security officials are focused on: that ransomware could infect and disrupt election systems in some way, perhaps by targeting voter registration databases on the eve of Election Day. Steps to prevent such attacks are well under way.

Tackling TrickBot

In the past month, the US military and Microsoft have thrown two distinct and apparently uncoordinated haymakers at the world’s largest botnet, TrickBot—a network of infected computers that could be used in ransomware operations, including those that could target election systems. 

US Cyber Command mounted a hacking operation to temporarily disrupt TrickBot, according to a report by the Washington Post, while Microsoft went to court to take down TrickBot’s command-and-control servers. Both operations will likely have just a short-term impact on the botnet’s operations, but that may be enough to prevent an Election Day ransomware debacle.

Meanwhile, security officials have been pushing states to set up multiple offline backups to prepare for potential attacks on voter registration databases and election results reporting systems. 

“The primary source of resilience for voter registration databases—in addition to ensuring good network segmentation, having multi-factor authentication, patching your systems—is to have offline backups,” Brandon Wales, the executive director at the Cybersecurity and Infrastructure Security Agency (CISA), told me recently in an interview for MIT Technology Review’s Spotlight On event series. “We have seen a dramatic increase in this over the last four years. States are in much better shape now than they were four years ago.” 

CISA has also pushed states to build in other security layers, such as maintaining paper backups of e-poll books and all votes cast, and doing a risk-limiting audit after the vote.

But let’s be clear: for all the worry and hype, no such attack against election infrastructure has yet occurred.

The disinformation threat

Even a wildly successful ransomware attack against election systems would slow but not prevent voting, senior officials have said repeatedly. Instead, the real threat to election security would come in the aftermath.

“Whether it’s a nation-state or cybercriminal, whether the attack is successful or not, the biggest concern is the disinformation that will arise,” says Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “It’s a worry because people already have shaky confidence.”

A ransomware attack against election systems would give fuel to unfounded conspiracy theories that the election is rigged, unreliable, or being stolen. Take the widespread conspiracy theories over “mail dumping,” another attempt to undermine confidence in the election.

If any ransomware attack were to happen, then widespread disinformation about the vote itself would no doubt spread. And by the time such disinformation was debunked by traditional media or removed by social-media platforms, it might have reached millions of people. The biggest offender here is the president of the United States, who has proved an adept manipulator of the traditional press to push his disinformation campaign.

This is an excerpt from The Outcome, our daily email on election integrity and security. Click here to sign up for regular updates.