
We Know You Can Pay a Million by Anja Shortland Review – the Terrifying New World of Ransomware
Why It Matters
Ransomware’s disproportionate cost versus modest profits fuels a collective‑action dilemma, threatening critical infrastructure and economic stability. Policymakers must treat it as a systemic risk, not just isolated cybercrime.
Key Takeaways
- Ransomware yields $1 bn annually, costs victims $57 bn.
- TOR, Bitcoin, and asymmetric encryption enabled profitable ransomware.
- Ransomware groups operate like corporations with HR departments.
- Double extortion adds data theft to encryption ransom.
- AI could amplify ransomware attacks to national‑security level.
Pulse Analysis
The origins of ransomware trace back to Joseph Popp’s 1989 AIDS‑Trojan, a crude experiment that demanded a $189 “license fee.” While the early scheme was quickly neutralized, it foreshadowed a lucrative model that exploded once TOR anonymized communications, Bitcoin provided untraceable payments, and asymmetric encryption ensured each victim’s data was uniquely locked. Today, ransomware generates roughly $1 billion in revenue each year, yet the collateral damage to businesses, governments and healthcare systems exceeds $57 billion, underscoring a stark profit‑to‑loss imbalance.
Modern ransomware operations resemble legitimate enterprises. Brands such as Conti, LockBitSupp, Evil Corp, and DarkSide maintain salaried staff, dedicated help desks, and even human‑resources functions to manage affiliates and negotiate payouts. The affiliate model spreads risk and scales attacks, while double extortion—encrypting data and threatening public exposure—maximizes leverage. Recent trends point to AI‑driven automation, which could accelerate encryption, improve target selection, and enable attacks on critical infrastructure, raising the specter of cyber‑warfare that rivals traditional geopolitical threats.
Governments are increasingly framing ransomware as a national‑security issue, as seen in the coordinated takedown of REvil and the global response to WannaCry and NotPetya. Experts like Shortland argue that outright eradication is unrealistic; instead, societies must adopt a risk‑management stance akin to pandemic preparedness. Mandatory cyber‑hygiene standards, victim support mechanisms, and stronger prosecution pathways are essential to curb the incentive structure. As AI lowers the barrier for sophisticated attacks, proactive policy and industry collaboration will be pivotal in preventing a future where a single ransomware strike can stall entire economies.