Skip to Content
Computing

Why the ransomware crisis suddenly feels so relentless

Attacks on major companies and critical infrastructure have panicked the US, but the roots of the problem go back years.

In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo. A weekend ransomware attack on the world’s largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline.
AP Photo/David Zalubowski, File

Just weeks after a major American oil pipeline was struck by hackers, a cyberattack hit the world’s largest meat supplier. What next? Will these criminals target hospitals and schools? Will they start going after US cities, governments—and even the military?

In fact, all of these have been hit by ransomware already. While the onslaught we’ve seen in the last month feels new, hackers holding services hostage and demanding payments has been a huge business for years. Dozens of American cities have been disrupted by ransomware, while hospitals were hit by attacks even during the depths of the pandemic. And in 2019, the US military was targeted. But that doesn’t mean what we’re seeing now is just a matter of awareness. So what’s different now?

It’s the result of inaction

You cannot explain the metastasizing of the ransomware crisis without examining years of American inaction. The global ransomware crisis grew to incredible proportions during the Donald Trump presidency. Even as US critical infrastructure, cities, and oil pipelines were hit, the Trump administration did little to address the problem, and it went ignored by most Americans.

The ransomware boom started at the tail end of the Obama White House, which approached it as part of its overall cybercrime response. That involved putting agents on the ground around the world to score tactical wins in countries that were otherwise uncooperative, but defense against such attacks fell down the list of priorities under Trump even as ransomware itself boomed.

Today, the Biden administration is making an unprecedented attempt to tackle the problem. The White House has said that the hackers behind both the Colonial Pipeline and JBS ransomware attacks are based in Russia, and have current efforts involving Homeland Security and the Justice Department. But while President Biden plans to discuss the attacks in an upcoming summit with Vladimir Putin on June 16, the problem goes deeper than just relationships between two countries.

It’s also the result of new tactics

When the ransomware industry was taking off half a decade ago, the business model for such attacks was fundamentally different—and far simpler. Ransomware gangs started out by indiscriminately infecting vulnerable machines without much care for exactly what they were doing or who they were targeting.

Today, the operations are much more sophisticated and the payouts are much higher. Ransomware gangs now pay specialist hackers to go “big game hunting” and seek out massive targets that can pay out huge ransoms. The hackers sell the access to the gangs, who then carry out the extortion. Everyone gets paid so handsomely that it’s become increasingly irresistible—especially because the gangs typically suffer no consequences. 

There’s safe harbor for criminals

That leads to the next dimension of the problem: The hackers work from countries where they can avoid prosecution. They operate massive criminal empires and remain effectively immune to all attempts to rein them in. This is what Biden will bring up to Putin in the coming weeks. 

The problem extends beyond Russia and, to be clear, it’s not as simple as Moscow directing hackers. But the Kremlin’s tolerance of cybercriminals—and sometimes even direct cooperation with them—is a real contributor to the booming criminal industry. To change that, America and other countries will have to work together to confront nations who otherwise see no problem with US hospitals and pipelines being held for ransom. The safe harbor for cybercriminals, combined with the mostly unregulated cryptocurrency used to facilitate the crime, has made it very favorable for the hackers.

And we’re all more connected and insecure than ever

And then there is the unavoidable fact that weak cybersecurity combined with ubiquitous connectivity equals increasingly vulnerable targets. Everything in America—from our factories to our hospitals—is connected to the internet, but a lot of it is not adequately secured.  

Globally, the free market has repeatedly failed to solve some of the world’s biggest cybersecurity problems. This may be because the ransomware crisis is a problem at a scale that no private sector can solve alone.

As ransomware and cybercrime increasingly becomes a national security threat—and one that risks harming human beings, as in the case of attacks against hospitals—it’s become clear that government action is required. And so far officials from the world’s most powerful nations have chiefly succeeded in watching the disaster unfold. 

Instead, what must happen to change this is a global partnership between countries and companies to take ransomware head on. There is momentum to change the status quo, including a major recent cybersecurity executive order out of the White House. But the work is only beginning.

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.