When Ransomware Became Capitalism
A conversation with Anja Shortland on Dark Screens, cybercrime, encryption, Bitcoin, and the strange economics of digital extortion
What if ransomware did not begin with criminals, but with curiosity?
That question sits at the center of our conversation with Anja Shortland, professor of political economy at King’s College London and author of Dark Screens. Ransomware is often described in the language of crime thrillers: hooded hackers, shadowy servers, anonymous wallets, locked hospital systems, countdown timers, and impossible choices. But the story Anja tells is stranger and more unsettling. It is a story about how an open internet, playful hacking, academic cryptography, cryptocurrency, business incentives, geopolitical shelter, and institutional vulnerability combined to create one of the most dangerous criminal industries in the world.
Listen to the episode on Apple Podcasts here or watch the video on YouTube:
Ransomware, at its simplest, is malware that locks or encrypts a victim’s data and makes that victim dependent on the attacker to restore access. Increasingly, it also includes data theft: attackers copy files, threaten to publish them, and use exposure as leverage. A technical breach becomes an extortion relationship. A company, hospital, school, charity, government agency, or individual suddenly finds themselves negotiating with criminals who may know their finances, downtime costs, vulnerabilities, and secrets.
One of the most fascinating parts of this episode is that Anja refuses to flatten the story into easy categories. Ransomware gangs are criminals, but they are also, in a disturbing sense, badly run internet startups. They have brands, reputations, internal discipline problems, affiliates, coders, negotiators, and specialized workers. Some operate from countries where their actions are treated not as domestic crimes, but as acceptable chaos directed at foreign enemies. What is criminal from the victim’s point of view may be tolerated, sheltered, or strategically useful elsewhere.
The deeper history starts in the culture of hacking itself. Anja describes the early internet as an anarchic playground of curiosity, trespass, technical delight, and open experimentation. The word “hacker” did not originally mean cybercriminal. It meant someone who could make systems do unexpected things. Steve Jobs and Steve Wozniak appear in the story not as corporate icons, but as young phone phreakers building “blue boxes” that could trick telephone systems into making free calls. It was illegal, but it was also a technical challenge, a game, and a way to feel the thrill of controlling an enormous system with a homemade device.
That history matters because it shows how thin the boundary can be between innovation and crime. Who gets called a genius, who gets called a misfit, and who gets called a criminal is not always determined by the technical act alone. Race, class, geography, timing, and institutional power all shape the story. The internet created fortunes. It also created new forms of predation.
And ransomware could not have become a global industry without mathematics.
The first ransomware-style attack Anja discusses dates back to 1989, involving infected diskettes related to AIDS information. It was cumbersome and not very scalable: the attacker had to physically distribute disks, the encryption was weak, and the payment mechanism involved mailing money to a post office box in Panama. The idea was there, but the infrastructure was not. For ransomware to become a business, several puzzle pieces had to fall into place: networked computers, stronger cryptography, individualized encryption, and a payment system that could move money pseudonymously across borders.
Asymmetric encryption is one of those crucial puzzle pieces. In ordinary life, we use it constantly: online banking, secure websites, encrypted communication, digital signatures. But in ransomware, the same mathematical infrastructure becomes a weapon. Attackers can encrypt a victim’s files in a way that is extremely difficult to reverse without the corresponding key. Mathematics makes trust possible online, but it also makes digital hostage-taking possible.
Then came cryptocurrency. Anja is direct on this point: ransomware became truly feasible once attackers had access to a pseudonymous payment system. Bitcoin did not invent extortion, but it solved a major business problem for ransomware gangs. If victims could not pay conveniently, across borders, and outside traditional banking rails, the business model would be far less scalable. Cryptocurrency provided liquidity, distance, and a new kind of financial infrastructure for crime.
The economics of ransom payment may be the most unsettling part of the conversation. From the perspective of an individual victim, paying can be rational. If your company is hemorrhaging money, your hospital cannot access patient records, or your operations are frozen, the ransom may look like the fastest way to stop the bleeding. But from the perspective of the system, paying feeds the market. It tells attackers the business model works. It creates incentives for more attacks.
Ransomware negotiations are not simple game theory diagrams. They are messy, multi-layered strategic conflicts. The victim has to calculate downtime costs, reputational harm, legal exposure, regulatory penalties, operational risk, and the likelihood that the attacker can actually decrypt the files. The attacker has to establish credibility. Some ransomware groups build brands precisely because victims need to believe that payment will produce results. Criminals offer “proof of life” for data by decrypting sample files. They maintain leak sites, use countdown timers, and create pressure while offering a strange form of reassurance: pay us, and we will behave like professionals.
That phrase should make us uncomfortable. Professionalized extortion is still extortion. But ransomware works because it mimics parts of legitimate business: pricing, negotiation, reputation, customer service, market segmentation, and risk management. It is capitalism’s shadow, built out of code.
The next frontier is artificial intelligence. Anja’s concern is not simply that AI will write better malware, though it may lower the barrier to entry. The deeper concern is social engineering. Many attacks begin with a person: an email opened, a link clicked, a credential entered, a fake request believed. Today, people often detect phishing because the language feels wrong. AI makes that weakness less reliable. It can generate personalized, fluent, context-aware messages that sound like real colleagues, students, vendors, or collaborators.
But AI is not only an attacker’s tool. It can also help defenders detect unusual activity, monitor systems, flag anomalies, and identify patterns too subtle for humans to catch. The future of ransomware is therefore an arms race: cybercrime and cybersecurity co-evolving, each adapting to the other.
The conversation closes with practical advice, but not the usual empty cybersecurity scolding. Anja’s point is not that everyone needs to become a cybersecurity expert. It is that ordinary users are not powerless. Cybersecurity cannot simply be outsourced because individuals are often the weak point in the system. Passwords matter. Backups matter. Looking twice matters. Resilience matters. The question is not whether you can become perfectly safe. Perfect safety would be lonely, expensive, and probably impossible. The real question is: what level of risk are you willing to live with, and what would make you resilient enough not to be easily extorted?
Do you have backups that are not constantly connected to your machine? Do you have copies of the things that matter most? Could you function if your accounts or systems were temporarily unavailable? Do you know what your organization’s plan is if ransomware hits? Do your lawmakers?
Because ransomware is no longer just an individual inconvenience or a corporate IT problem. It can affect hospitals, fuel pipelines, police departments, universities, food systems, water systems, and national infrastructure. People can die because systems are locked. Whole regions can be disrupted. And yet, as Anja warns, government planning often lags behind the scale of the risk.
If hacking began as curiosity, ransomware became capitalism. If the internet began as trust, it now runs on negotiated risk. The question is not whether ransomware will disappear. It will not. The question is what we are willing to pay—in money, convenience, privacy, freedom, regulation, and preparation—to make ourselves harder to hold hostage.
And yes, after this, you may want to change your password.
Did the book get into the weird “customer support” side of ransomware? The payment pages, countdown timers, even discounts... that part always makes it feel creepily normal.