Skip to Content
Election 2020

How officials are protecting the election from ransomware hackers

Concerns about an attack on election systems are real. But a hack wouldn't damage the vote as much as the disinformation that would result.
testing voting machines
testing voting machines
Tom Sherlin/The Daily Times via AP

Hackers played a significant role in the 2016 US election, when the Russian government hacked into the Democratic campaign and ran an information operation that dominated national headlines. American law enforcement, intelligence services, and even Republican lawmakers have concluded, repeatedly, that Moscow sought to interfere with the election in favor of Donald Trump.

Meanwhile, in the last four years, ransomware has exploded into a multibillion-dollar business. It’s a type of malware that hackers use to restrict access to data or machines until they’re paid ransoms that can run into the tens of millions of dollars. There’s now a global extortion industry built on the fact that the critical infrastructure and digital systems we rely on are deeply vulnerable. 

Put those two things together, and you get the nightmare scenario many election security officials are focused on: that ransomware could infect and disrupt election systems in some way, perhaps by targeting voter registration databases on the eve of Election Day. Steps to prevent such attacks are well under way.

Tackling TrickBot

In the past month, the US military and Microsoft have thrown two distinct and apparently uncoordinated haymakers at the world’s largest botnet, TrickBot—a network of infected computers that could be used in ransomware operations, including those that could target election systems. 

US Cyber Command mounted a hacking operation to temporarily disrupt TrickBot, according to a report by the Washington Post, while Microsoft went to court to take down TrickBot’s command-and-control servers. Both operations will likely have just a short-term impact on the botnet’s operations, but that may be enough to prevent an Election Day ransomware debacle.

Meanwhile, security officials have been pushing states to set up multiple offline backups to prepare for potential attacks on voter registration databases and election results reporting systems. 

“The primary source of resilience for voter registration databases—in addition to ensuring good network segmentation, having multi-factor authentication, patching your systems—is to have offline backups,” Brandon Wales, the executive director at the Cybersecurity and Infrastructure Security Agency (CISA), told me recently in an interview for MIT Technology Review’s Spotlight On event series. “We have seen a dramatic increase in this over the last four years. States are in much better shape now than they were four years ago.” 

CISA has also pushed states to build in other security layers, such as maintaining paper backups of e-poll books and all votes cast, and doing a risk-limiting audit after the vote.

But let’s be clear: for all the worry and hype, no such attack against election infrastructure has yet occurred.

The disinformation threat

Even a wildly successful ransomware attack against election systems would slow but not prevent voting, senior officials have said repeatedly. Instead, the real threat to election security would come in the aftermath.

“Whether it’s a nation-state or cybercriminal, whether the attack is successful or not, the biggest concern is the disinformation that will arise,” says Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “It’s a worry because people already have shaky confidence.”

A ransomware attack against election systems would give fuel to unfounded conspiracy theories that the election is rigged, unreliable, or being stolen. Take the widespread conspiracy theories over “mail dumping,” another attempt to undermine confidence in the election.

If any ransomware attack were to happen, then widespread disinformation about the vote itself would no doubt spread. And by the time such disinformation was debunked by traditional media or removed by social-media platforms, it might have reached millions of people. The biggest offender here is the president of the United States, who has proved an adept manipulator of the traditional press to push his disinformation campaign.

This is an excerpt from The Outcome, our daily email on election integrity and security. Click here to sign up for regular updates.

Keep Reading

Most Popular

The miracle molecule that could treat brain injuries and boost your fading memory

Discovered more than a decade ago, a remarkable compound shows promise in treating everything from Alzheimer’s to brain injuries—and it just might improve your cognitive abilities.

wet market selling fish
wet market selling fish

This scientist now believes covid started in Wuhan’s wet market. Here’s why.

How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.

Conceptual illustration showing a file folder with the China flag and various papers flying out of it
Conceptual illustration showing a file folder with the China flag and various papers flying out of it

The US crackdown on Chinese economic espionage is a mess. We have the data to show it.

The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.