Skip to Content

How officials are protecting the election from ransomware hackers

Concerns about an attack on election systems are real. But a hack wouldn't damage the vote as much as the disinformation that would result.
testing voting machines
Tom Sherlin/The Daily Times via AP

Hackers played a significant role in the 2016 US election, when the Russian government hacked into the Democratic campaign and ran an information operation that dominated national headlines. American law enforcement, intelligence services, and even Republican lawmakers have concluded, repeatedly, that Moscow sought to interfere with the election in favor of Donald Trump.

Meanwhile, in the last four years, ransomware has exploded into a multibillion-dollar business. It’s a type of malware that hackers use to restrict access to data or machines until they’re paid ransoms that can run into the tens of millions of dollars. There’s now a global extortion industry built on the fact that the critical infrastructure and digital systems we rely on are deeply vulnerable. 

Put those two things together, and you get the nightmare scenario many election security officials are focused on: that ransomware could infect and disrupt election systems in some way, perhaps by targeting voter registration databases on the eve of Election Day. Steps to prevent such attacks are well under way.

Tackling TrickBot

In the past month, the US military and Microsoft have thrown two distinct and apparently uncoordinated haymakers at the world’s largest botnet, TrickBot—a network of infected computers that could be used in ransomware operations, including those that could target election systems. 

US Cyber Command mounted a hacking operation to temporarily disrupt TrickBot, according to a report by the Washington Post, while Microsoft went to court to take down TrickBot’s command-and-control servers. Both operations will likely have just a short-term impact on the botnet’s operations, but that may be enough to prevent an Election Day ransomware debacle.

Meanwhile, security officials have been pushing states to set up multiple offline backups to prepare for potential attacks on voter registration databases and election results reporting systems. 

“The primary source of resilience for voter registration databases—in addition to ensuring good network segmentation, having multi-factor authentication, patching your systems—is to have offline backups,” Brandon Wales, the executive director at the Cybersecurity and Infrastructure Security Agency (CISA), told me recently in an interview for MIT Technology Review’s Spotlight On event series. “We have seen a dramatic increase in this over the last four years. States are in much better shape now than they were four years ago.” 

CISA has also pushed states to build in other security layers, such as maintaining paper backups of e-poll books and all votes cast, and doing a risk-limiting audit after the vote.

But let’s be clear: for all the worry and hype, no such attack against election infrastructure has yet occurred.

The disinformation threat

Even a wildly successful ransomware attack against election systems would slow but not prevent voting, senior officials have said repeatedly. Instead, the real threat to election security would come in the aftermath.

“Whether it’s a nation-state or cybercriminal, whether the attack is successful or not, the biggest concern is the disinformation that will arise,” says Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “It’s a worry because people already have shaky confidence.”

A ransomware attack against election systems would give fuel to unfounded conspiracy theories that the election is rigged, unreliable, or being stolen. Take the widespread conspiracy theories over “mail dumping,” another attempt to undermine confidence in the election.

If any ransomware attack were to happen, then widespread disinformation about the vote itself would no doubt spread. And by the time such disinformation was debunked by traditional media or removed by social-media platforms, it might have reached millions of people. The biggest offender here is the president of the United States, who has proved an adept manipulator of the traditional press to push his disinformation campaign.

This is an excerpt from The Outcome, our daily email on election integrity and security. Click here to sign up for regular updates.

Deep Dive


Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

How ASML took over the chipmaking chessboard

MIT Technology Review sat down with outgoing CTO Martin van den Brink to talk about the company’s rise to dominance and the life and death of Moore’s Law.


How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

Algorithms are everywhere

Three new books warn against turning into the person the algorithm thinks you are.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.