Note to Reader: In 2018, Dr. Megan Reiss and I wrote an article for The Weekly Standard, warning of the growing risk of ransomware. I’ve referenced this article several times in this newsletter, but I’m now reproducing it here in the wake of the Colonial Pipeline ransomware attack.
Imagine that in a few days, or maybe a few years, the United States suffers an unprecedented ransomware attack.
Maybe it begins 30 days after tax day because millions of Americans unknowingly download malicious software hidden on a popular tax preparation website. Maybe the “TurboHax” ransomware uses the “forever red” vulnerability made public by a group of suspected Russian government hackers. The virus then automatically multiplies and spreads itself using victims’ compromised credentials and stored contacts. Within hours, it has spread across the globe. But that’s only the beginning.
Using a polymorphic attack algorithm, TurboHax not only infects and locks users out of files on their desktop or laptop computers, it spreads to their mobile phones and other connected devices. When infected users connect to their home Wi-Fi networks, their televisions, internet-enabled speakers, and online home security systems become compromised, too. When the virus’s delayed detonation finally goes off, people are simultaneously locked out of every device they own.