This latest cyberattack reveals just how much economic power our computers have

Last week, cyber criminals launched the biggest cyber-attack in history. ‘WannaCry’ held millions of people’s data to ransom and demanded a significant sum of money in return (Think Miss Marple meets The Matrix).

Now, they’ve taken it to the next level. A second cyber-attack, Adylkuzz, launched yesterday, taking control of hundreds of thousands of computers and essentially enslaving them to produce more money (Think The Matrix meets The Big Short…)

More than anything, these two attacks reveal just how much economic power rests inside our computers; in terms of the value of the data stored, and the power of the computer to produce more profit for a savvy cyber-criminal.

First, data.

WannaCry began on May 12th in Spain, spreading to the UK, Germany, India and eventually to over 150 countries. It infected personal computers, corporate networks and government systems. And it gathered data that holds a serious amount of economic potential – to the owner, and to the attacker. 

The attack came in the form of a piece of 'ransomware' infecting hundreds of thousands of Windows XP computers. WannaCry encrypts personal files on a device and holds them hostage unless $300 is paid to the attacker. After three days this doubles to $600. After seven, all the files get deleted forever. At that point, you probably want to cry (get it?).

How much the encrypted data is worth is in some cases impossible to put into monetary terms. It could be old birthday photos, wedding videos, holiday journals – but it could also be financial information, sensitive passwords, or anything else. The more sensitive the data at stake, the more likely the victim is to pay up.

But there’s another value to the data that extends beyond what it means to its owner. Data is more than just a personal ‘asset’, or thing of value: once stolen, it becomes a tradable commodity in the underground black market of the deep web.

The underground data market works like any other market in the economy. There’s a good (or ‘commodity’) which some want and others have – in other words, supply and demand. Black markets trade illegal commodities, like drugs, weapons, and even personal assassins for hire. Sensitive data can also be traded, like passwords, credit card details and even Uber accounts.

Once the sensitive data enters the black market, a price for it is determined depending on the demand for it. The higher the demand for the data, the higher its market value is, and the larger the profit that can be made off it. For example, passwords to a large bank account will be in higher demand than a password to someone’s MySpace - even if that MySpace account had photos on it which to the owner were priceless. In an anonymous market where the goods at stake are of no emotional value to anyone, financial value becomes all that matters.

Then, money creation.

The second attack, ‘Adylkuzz’, infected over 200,000 computers. But this time, they didn’t hold anyone hostage – instead, they enslaved our devices themselves.

The Adylkuzz malware uses the same worm to get into a computer as WannaCry does. Interestingly, this worm was created by the National Security Agency (NSA), an American government military intelligence organization (the one that Wikileaks hacked into) to hack computers.

Unlike WannaCry, which flashes a massive message onto your screen, Adylkuzz runs its software in the background on a computer, so users may not even know they’ve been infected. It steals computer power, possibly slowing the device, to ‘mine’ for a type of Bitcoin What's this? named Monero.

‘Mining’ means that a computer uses its power to solve a complex equation which eventually creates a bitcoin – like striking gold in a goldmine, (except unlike mining a goldmine you’ve got to be really good at maths). Without bitcoin miners, no new coins could be brought into circulation.

That’s what differentiates this attack from WannaCry. The value isn’t in your data – it’s in the fact that these people can use your computer to literally create money.

Next? Who knows.

In both cases, it seems pretty clear that at least one of the things motivating these attackers is profit. But unlike other forms of theft, most of us aren’t even aware of the economic potential of what’s being taken until it’s too late. We don’t know yet who’s behind these attacks, or what they really want – but it’s probably a good idea to download some antivirus software on your computer just in case...