Marks & Spencer ran out of Percy Pigs last year, Co-op supermarkets were short of blueberries and Jaguar Land Rover shut down production of its cars for weeks. Each company was the victim of one of the fastest-growing modern crimes: the cyberattack.
No firm hit by a ransomware attack will discuss how it combats a high-tech heist. Businesses fear that if they confirm a ransom payment, they are more likely to be targeted again. There is no suggestion that M&S, the Co-op or JLR coughed up, but more and more businesses are. The number climbed to 24.3 per cent of the total attacked in 2025, according to a study by S-RM, a cybersecurity firm, and FGS Global, an advisory group.
This book explains why — and charts the rise of a modern form of extortion that affects more than half of the world’s big companies and will generate costs to the global economy of over $200 billion by 2030. Anja Shortland, a professor of political economy at King’s College London, warns that most western countries are ill-prepared for a cyberattack on critical infrastructure, notably power networks, ports and aviation. And it is only a matter of time.
The history, usually the dullest part of books like this, is fascinating. I had no idea that ransomware was created in 1989, not by a Russian or North Korean hacker or a maths whiz in their bedroom, but by Joseph L Popp Jr, an American evolutionary biologist. When the World Health Organisation turned him down for a permanent job combating the Aids epidemic, he took out his frustration on the medical establishment by inventing another kind of infection: the computer virus.
Popp sent a floppy disc (readers under 50, please look this up) purporting to be an HIV research questionnaire to WHO scientists, which, once installed, froze the user’s PC. It could only be unlocked by paying a “licence fee” of $189 to a PO box in Panama. He was arrested and charged with blackmail.
What he started, scammers and nation states have developed into multibillion-dollar global extortion rackets. Cybercriminals began by creating general purpose viruses that infect computer networks, blocking access and encrypting data, and then offering a decryption service — for a ransom payment. As the title of the book shows, they skilfully set the fee at less than what it would cost the victim to build new networks, plus any fine levied by regulators for a breach. Small wonder so many pay up — in hard-to-trace cryptocurrency.
The cybercrooks moved on to far more effective viruses that mutate and create new strains for every device they infect, requiring a unique decryption service for each. But handing out decryption keys for so many devices is time-consuming. So the fraudsters began cutting secret deals with companies that help firms to combat attacks. They gave these firms decryption keys and, in return, the firms handed over a share of their fee for “fixing the problem” for each client. The criminals’ latest ruse is to threaten to publish sensitive data and emails on the dark web.
Shortland describes brilliantly the battle between the black hat — bad — and white hat — good — hackers to prevent cyberattacks. At the age of 22, the Briton Marcus Hutchins, then a white hat, found a flaw in the system created by North Korean agents to spread the superworm virus WannaCry, which took down IT systems at hundreds of thousands of businesses and health services in 2017. He went on to activate a kill switch. It earned him the cover story in Wired magazine under the headline “The hacker who saved the internet”. But when he came down to dinner one evening and told his mother what he had done, she simply replied: “Well done, sweetheart.”
It’s not just companies who are targeted. Look in your email spam filter. You will find at least one “phishing” email — a perhaps plausible-looking email that informs you that you need to reset your password for a service or unlock an account. Click on the link and malware will spread through your computer or phone and, in the worst cases, give the hackers access to whatever keystrokes you make, helping them to access your bank accounts or credit cards.
Shortland’s scholarly approach means the book lacks the page-turning qualities of similar investigations into modern crime by authors such as Oliver Bullough and Tom Burgis. There aren’t many jokes. At times greater journalistic rigour is needed. I wrote “more detail!” in the margin many times. But you stick with it because the revelations are so good.
The account of how North Korea became a leader in cybercrime is particularly strong. Shortland reveals how the authorities identified maths prodigies in schools, trained them to code in state-run boarding schools, then sent them to China to work as elite cyber-military units, with promises of a life far more luxurious than most North Koreans would enjoy. It was these units who hacked Sony’s Hollywood arm in revenge for The Interview, a film that lampooned the North Korean leader Kim Jong-un, freezing computers and releasing emails in which executives criticised stars. Angelina Jolie was described as “a minimally talented spoiled brat”. Sony caved, editing the film to make it more palatable to Pyongyang and scrapping its wide release in cinemas.
One thing the book lacks is a few tips to help individuals to avoid being hacked. So let me add it. Use Gmail, which filters out most phishing emails. Choose Apple devices since most viruses are written for Android phones and PCs running Microsoft. Use a VPN. Think before you click on any link. Choose two-factor authentication for every service that offers it. Change your passwords regularly and choose unique ones for each banking or financial services app. Install software updates the moment they arrive. Back up all your data to an external hard drive. Check your Experian or similar account every week for suspicious credit checks. Install Malwarebytes protection on your kit.
Oh, and good luck. After reading this book, I think we’re all going to need it.
We Know You Can Pay a Million: Inside the Dark Economy of Hacking and Ransomware by Anja Shortland (Profile £22 pp304). To order a copy go to timesbookshop.co.uk. Free UK standard P&P on orders over £25. Special discount available for Times+ members
Click Here For The Original Source.
