We Know You Can Pay a Million by Anja Shortland review – the terrifying new world of ransomware | Science and nature books

The Dark Web’s Trillion-Dollar Threat: How Ransomware Became the Ultimate Cybercrime Nightmare

The birth of ransomware was a stunt that got out of hand. In 1989, evolutionary biologist Joseph L Popp Jr was working part-time for the World Health Organisation on the AIDS epidemic. He was a difficult man. When denied a permanent position, he decided to punish his peers while shocking them into acknowledging another kind of infection: the computer virus.

Popp wrote a questionnaire promising to help minimize HIV risk, duplicated it onto 20,000 floppy disks, and sent them to researchers in 90 countries. Each disk contained a Trojan virus. Once inserted, a malware timebomb eventually made computers unusable until users paid a “$189 license fee” to a PO box in Panama. Popp’s primitive “AIDS Trojan” was quickly identified, and he was arrested for blackmail. Intending to make a point rather than a profit, he was mortified to learn that some targets had overreacted by wiping their hard drives—one Italian AIDS organization lost a decade’s worth of vital data. Popp experienced a psychological collapse and was deemed unfit to stand trial. The criminals who developed his crude innovation into a global business would not be so scrupulous.

The Billion-Dollar Blackmail Machine

A ransomware attack is a form of cybercrime where hackers use malware to encrypt data and charge targets a fee to receive a decryption key. Increasingly, hackers also steal sensitive data and threaten to auction it on the dark web—what’s called “double extortion.” It’s a remarkably inefficient form of crime, like trashing an entire car to steal a pair of sunglasses. According to Anja Shortland, professor of political economy at King’s College London and expert in the economics of crime, hackers reap only around $1 billion annually but cost victims an estimated $57 billion in 2025.

The disproportionate consequences of refusing to pay create a collective action problem that incentivizes compliance. It’s much quicker and cheaper to pay up and minimize disruption than to hold out and absorb the damage. The British Library, for example, was hacked in October 2023 and is still not back to normal. But every ransom paid inspires further attacks. There’s a psychological cost, too. One man whose computer company was almost destroyed by a hack compared the experience to “suffocating, drowning—or both at the same time.”

From Face Huggers to Fortune 500

Computer scientists Adam L Young and Moti Yung first mapped out ransomware’s potential in 1996, comparing it to the face huggers in Alien: the virus couldn’t be removed without killing the host. But for many years, technological limitations made it unrewarding, especially when trading in stolen data. One reformed cybercriminal likened trying to sell a major cache to “offering a 747 for sale at a flea market.” Three breakthroughs were required to turn ransomware into a thriving industry: untraceable communications (the TOR protocol), a decentralized currency (bitcoin), and asymmetric encryption, which generates a unique encryption key for each infected computer. By 2013, Shortland writes, “all the preconditions for large-scale, profitable ransomware campaigns were in place.”

Shortland’s book lacks the narrative verve of Scott J Shapiro’s 2023 history of hacking, Fancy Bear Goes Phishing. Her mission is to explain more than to entertain. But she still manages to paint a fascinating picture of a fast-evolving criminal industry. Ambitious hackers build ransomware brands, sharing their top-of-the-range software with affiliates who do the dirty work of extortion. Establishing trust among thieves is essential, if short-lived. The major brands have salaried employees, help desks, and even human resources departments. “Criminal HR is a fast-moving, high-stakes job,” Shortland writes.

The Ruthless Economics of Digital Extortion

Job security isn’t great in this business. Whether due to internal fractures or heat from law enforcement, operations routinely shut down and reopen under new guises. According to Shortland, the cyber-attack that paralyzed much of Costa Rica’s economy in 2022 at a cost of half a billion dollars was probably a marketing exercise by a collapsing brand called Conti, to create the illusion that it was healthier than it was. The Costa Ricans were collateral damage. With similar ruthlessness, healthcare systems are popular targets. In such cases, ransomware is not just an economic crime but a lethal one.

Ransomware does not, therefore, attract colorful, lovable rogues. LockBitSupp, which unsuccessfully demanded $80 million from Royal Mail in 2023, was revealed to be Russian national Dmitry Yuryevich Khoroshev, an arrogant, racist thug who disgusted even fellow criminals. “For five years of swimming in money I became very lazy,” he bragged, “and continued to ride on a yacht with titsy girls.” This is not Moriarty we’re dealing with. Brand names like Evil Corp and DarkSide reek of dim, adolescent nihilism.

State-Sponsored Cyber Terror

Russia has been a cybercrime hotbed since the 1990s. After years of refusing US extradition requests, Vladimir Putin agreed to raid the ransomware brand REvil in January 2022, only for the invasion of Ukraine to sink any further cooperation. North Korea has been busy, too. In 2017, its WannaCry virus infected tens of thousands of computers in 150 countries, including Spanish telecoms, German trains, Chinese universities, and the NHS. Along with Russia’s NotPetya malware, it spooked western governments into treating ransomware as a national security issue.

The AI-Enabled Nightmare Scenario

Shortland concludes with the nightmarish likelihood of AI-enabled cyberwar in which disruption is the primary aim, from the mass deletion of data on cloud servers to meddling with nuclear power stations. She claims that we are “mostly blind or indifferent” to “a previously unimaginable level of catastrophic risk.” While demanding that governments step up—legally mandated cyber-hygiene, more support for victims, more prosecutions—she compares ransomware to COVID: a plausible goal is not defeating it altogether but “agreeing on an acceptable level of risk and learning to live with the underlying threat.”

Shortland invokes COVID in another sense: one day a cyber-attack could bring an entire economy to a pandemic-like standstill, so we had better be ready. This book may not be a page-turner for the average reader, but one hopes that the right people are paying attention.


