ThinkableWhat is this?

Cybersecurity & Digital Warfare: Ransomware

The Heist That Never Leaves the Building

The most profitable crime wave in history doesn't require a weapon, a getaway car, or even a face.

The Idea

Ransomware is often described as hackers 'locking' your files, which makes it sound like a padlock on a door. The reality is more elegant and more brutal. When ransomware executes, it uses asymmetric encryption — the same mathematics that secures your online banking — to scramble every document, database, and backup it can reach. The attacker holds the only decryption key. Your data isn't gone. It's still right there, perfectly intact, just rendered permanently unreadable unless you pay. What makes this so insidious isn't the technical complexity — it's the business model. Modern ransomware gangs operate like franchises. A core group builds and maintains the malware; affiliates rent it out, deploy it, negotiate payments, and split the proceeds. This 'Ransomware-as-a-Service' model means the person who attacked a hospital this morning may have no coding ability whatsoever. They just signed up. The targets have also shifted dramatically. Early ransomware hit individuals — encrypt a laptop, demand a few hundred. Today's operators go after infrastructure: hospitals, pipelines, school districts, city governments. The logic is cold and rational: these institutions can't afford downtime, often have outdated systems, and frequently have cyber insurance that effectively guarantees payment. The attackers aren't nihilists. They're running spreadsheets.

In the World

In May 2021, Colonial Pipeline — which supplies roughly 45 percent of the fuel consumed on the US East Coast — shut down its entire network for six days. Not because anything physical was damaged, but because a ransomware group called DarkSide had encrypted the company's billing and business systems. Colonial's operators couldn't track fuel distribution or invoice customers, so they stopped the pipeline themselves out of caution. Panic buying emptied petrol stations from Florida to Virginia. The company paid the equivalent of roughly 75 bitcoin — a significant sum — within hours of the attack. What happened next revealed how the ransomware economy actually works. The US Department of Justice managed to claw back a portion of the payment by seizing a cryptocurrency wallet. DarkSide, suddenly facing heat from both the FBI and, reportedly, Russian authorities nervous about the geopolitical fallout, announced it was shutting down. Weeks later, a nearly identical group called BlackMatter appeared. Same code, same tactics, different name. The franchise had simply rebranded. The Colonial attack is remembered as a wake-up call, but the more instructive detail is smaller: the attackers gained initial access through a single compromised password for a VPN account that was no longer even in active use. The most disruptive infrastructure attack in recent American history began with one forgotten login.

Why It Matters

Most people file ransomware under 'cybersecurity problem' — something for IT departments and government agencies to worry about. But the Colonial attack showed that digital vulnerabilities translate directly into physical scarcity. The hospitals that have delayed surgeries during ransomware incidents, the water treatment facilities that have been hit, the school systems that have had student records held hostage — these aren't abstract data breaches. They're disruptions to the basic fabric of how institutions function. There's also a subtler point worth sitting with. Ransomware has flourished in part because cyber insurance normalised paying ransoms, because cryptocurrency made payments untraceable and borderless, and because decades of underinvestment in digital infrastructure left critical systems running on software old enough to vote. The technology didn't create this problem alone. Policy, incentives, and institutional inertia shaped the environment in which it thrives. Understanding ransomware isn't really about understanding malware. It's about understanding what happens when a lucrative criminal model meets a world that consistently chose convenience over resilience.

A Question to Ponder

If paying a ransom funds the next attack, but refusing one might mean a hospital can't access patient records for weeks — what would a genuinely ethical response policy look like?

Get a new one of these every morning.

Start learning with Thinkable
One topic like this, every day.Start free