Feb 2, 2022 7:00 AM

Out-of-Control Cybercrime Will Cause More Real-World Harm

Ransomware and online attacks can lead to deadly real-world consequences. Governments need to raise their game in response.

illustration with pipeline web page computer meter and figures

In 2022, cyber incidents will cause real and sustained disruption to our everyday comforts—and maybe kill people. This won’t be because of any great geopolitical development, but because a bunch of semi-sophisticated, well-organized, and mostly Russian criminals are increasingly out of control.

For some years now, a strange combination of Hollywood and the military-industrial complex has been telling us that cyberattacks present an existential threat to humanity, but the reality has been different. Cyber harms inflicted by bad people have turned out to be very serious, but mostly in boring and largely invisible ways. The closest most ordinary people come to encountering a cyber “attack” is either by losing a small amount of money or by getting a letter from a company they do business with, telling them that some personal data they don’t understand the value of has been stolen by people in another continent whose identity no one really knows. There’s the odd exception—the Russian state is fond of battering Ukraine, for example—but for most people in most countries, cyber has not been much to get worked up about.

This will change, as cyber criminals increasingly attack in ways that cause far more hurtful and visible consequences. In the first half of 2021, the disruption to the Colonial Pipeline in the United States left two-thirds of petrol stations in South Carolina empty, which spurred panic buying and all the risk that entails. Fresh food was given away in large quantities in Sweden because supermarket tills weren’t working. Schools were hit in New Zealand and the UK. Most dangerously, health care was targeted. In May the entire Irish health service was crippled for weeks, and over the spring and summer dozens of hospitals in Europe and the US found themselves locked out of life-critical systems by ransomware attacks.

In June, cyberattacks were on the agenda at the annual meeting of G7 countries in Cornwall, and many in the cybersecurity industry hoped that this, combined with Joe Biden confronting Vladimir Putin for harboring the criminals on Russian soil, would turn the tide. However, this is unlikely to happen, because we still have almost no way of punishing cyber criminals.

After a brief lull, ransomware has continued in 2021 and has been no less dangerous. Despite the global spotlight on their activities, the absence of viable sanctions has emboldened the criminals to attack, among other things, childcare facilities and hospitals in the US and the Covid-vaccine booking system in and around Rome. Worse still, political attention on the problem is waning.

In the very near future, governments and investigators will have to raise their game. Ransomware attacks are lucrative. In 2021, the so-called DarkSide group of hackers that took the Colonial Pipeline offline took in at least $90 million (£66 million) in just nine months. Emisoft, a cybersecurity company, calculated payments of ransoms in 2020 at a minimum of $18 billion. And that means that attackers have fewer scruples about causing actual physical harm. There is no direct proof that anyone died as a result of this year’s cyberattacks on hospitals. But preventing people getting vaccines is still an act of violence, even if done remotely by computer. In 2022, it will only be a matter of time before those shady figures hiding behind their screens cause actual human injury or death.

Get more expert predictions for the year ahead. The WIRED World in 2022 features intelligence and need-to-know insights sourced from the smartest minds in the WIRED network. Available now on newsstands, as a digital download, or you can order your copy online.