
In the 21st century, the concept of war is no longer confined to traditional battlefields, nor does it rely solely on weapons and military equipment. It has expanded into more complex and dangerous domains, most notably cyberspace. Here, security threats no longer cross physical borders but manifest through malicious code and cyberattacks capable of paralyzing entire countries without firing a single bullet.
Among these threats, ransomware attacks have emerged as one of the most dangerous forms of transnational organized crime due to their ability to target critical infrastructure, individuals, and institutions alike. These attacks operate on a simple concept but yield profound consequences: gaining control over vital systems or sensitive data, then demanding a financial ransom in exchange for restoring access or preventing leaks.
In this context, Max Smeets’ book Ransom War: How Cyber Crime Became a Threat to National Security sheds light on this growing threat. It highlights the technical side of these attacks while going further to analyze their economic, organizational, and political structures, showing how ransomware has evolved from isolated acts by individuals to cross-border criminal networks threatening the national security of major states.
Through the case study of the “Conti” group’s attack on Costa Rica in 2022, the author demonstrates that this phenomenon is no longer just a digital threat—it has become a geopolitical pressure tool capable of pushing a state to declare a “state of war.” The book presents ransomware as a complex field where the digital economy intersects with international politics, and where modern technologies intertwine with strategies of extortion and deterrence.
This review focuses on four main areas:
- The evolution of ransomware attacks, including their historical and technical development;
- The Costa Rica case study as a revealing example of the phenomenon’s severity;
- Analysis of the internal structure of cybercriminal groups like Conti and the conflicts and contradictions within them;
- The global security challenges posed by these attacks.
Evolution of Ransomware Attacks
Over recent decades, cybersecurity has undergone a radical transformation, with ransomware becoming a prime example of this shift due to its severity and adaptability to changing technical and economic environments. Ransomware first appeared in a primitive form in the late 1980s, with early programs like the AIDS Trojan, which used simple storage media to extort computer users. However, the growing reliance on digital systems and the evolution of the internet over the last two decades created a fertile environment for ransomware to evolve into fully organized criminal operations.
At the turn of the millennium, ransomware evolved into advanced encryption tools that block access to vital data unless a ransom is paid. Its impact went beyond mere device disruption or user annoyance, threatening the ability of institutions and governments to perform essential functions. Consequently, ransomware became a source of financial and reputational loss, prompting its inclusion in national security agendas.
Structurally, ransomware development relied on two main axes:
- Technical: enhancing penetration and stealth capabilities through strong encryption, dark web networks, and anonymization tools;
- Economic: the “Ransomware-as-a-Service” (RaaS) model, which transformed attacks into a full-fledged criminal industry with supply chains, technical support services, and marketing platforms on hidden networks.
Notable incidents like WannaCry and NotPetya in 2017 demonstrated how wide-ranging the impact can be, from companies to entire societies: they caused billions in damages, disrupted healthcare and transportation sectors, and impaired trade and national economies in multiple countries.
Ransomware attacks have a dual nature, combining technical complexity with psychological and economic dimensions. They rely on extortion mechanisms that require a degree of credibility from attackers to convince victims that paying the ransom will indeed restore data or stop leaks. This gives ransomware an organizational and behavioral dimension, making it more challenging to combat. Consequently, these incidents are no longer merely technical issues but systemic threats requiring comprehensive strategic responses at national and international levels, including:
- Enhancing technical capabilities;
- Establishing cross-border legal and punitive frameworks;
- Intensifying intelligence and judicial cooperation;
- Implementing economic and technological policies to reduce extortion viability and raise the cost of attacks for perpetrators.
Government Paralysis in Costa Rica
The book pays special attention to the ransomware attack on Costa Rica in spring 2022. The criminal group known as “Conti” launched a widespread attack on government systems, disrupting tax, customs, and financial services. The situation was so severe that the president declared a national emergency, describing the attack as a “state of war.”
The author notes that this attack marked a turning point in understanding ransomware: it proved that such operations could paralyze an entire country, not just a company or institution. It also revealed that attackers are not mere hobbyist hackers but organized groups with international reach and political ties.
The book mentions Conti’s connection to Russia, raising questions about whether such groups act as unofficial agents for major powers. Yet the Russia–Ukraine war revealed the fragility of these groups, as a Ukrainian civilian leaked internal Conti files publicly, ultimately causing its fragmentation into smaller entities.
The Costa Rica attack highlighted the cross-border nature of ransomware and the inability of individual states to tackle it alone. When a small country confronts a criminal organization backed or shielded by a major power, the imbalance of power becomes stark. This underscores the author’s central point: ransomware attacks are not merely financial extortion but a form of unconventional warfare.
Fragility of Ransomware Organizations
The author examines the internal structure of these groups using leaked Conti documents, revealing that they are not invulnerable but face internal contradictions and divisions. Like any economic activity, ransomware operations require administrative organization, leadership structures, and role distribution: some develop malware, others manage victim communications, and some handle money laundering. Yet the system remains fragile due to a lack of trust among members, who operate under anonymity and fear of infiltration or betrayal.
The book also discusses the need for credibility with victims. For a target to pay a ransom, it must trust that the attacker will honor the promise to decrypt data or halt leaks. Building a reputation within the cyber-extortion community is therefore vital but also a point of vulnerability—any broken promise damages the group’s image and reduces the likelihood of future success.
Personal conflicts and financial disagreements make these organizations prone to collapse. Conti’s fragmentation following data leaks illustrates this, showing that even a seemingly solid entity threatening a nation’s security can ultimately fall apart internally.
Global Security Challenges
The author examines ransomware’s broader implications for global security, highlighting three levels: businesses, individuals, and states.
- Businesses: Ransomware poses a direct threat to companies, causing massive financial losses, undermining confidence in digital infrastructure, and sometimes leading to bankruptcy.
- Individuals: Vulnerable populations—patients in hospitals or users of public services—are most at risk. Incidents like the release of breast cancer patients’ images in the U.S. demonstrate the tragic human dimension of these crimes.
- States: At national and international levels, ransomware represents a threat to national security on par with traditional military threats, capable of disabling vital government institutions, disrupting state operations, and damaging trust between citizens and the state.
Understanding these networks’ mechanisms can help counter them. Studying cases like Conti can improve preventive policies, strengthen international intelligence sharing, and develop deterrence strategies that make attacks costlier than their potential gains.
Conclusion
Ransom War emphasizes that ransomware is no longer merely a digital nuisance causing individual or corporate losses. It has evolved into an organized, transnational phenomenon posing a real threat to national security and international stability. Its transformation into an “industry” based on economic models and interlinked with international interests has made it a pressure tool capable of paralyzing entire state institutions and triggering widespread political and economic crises, as exemplified by Conti’s attack on Costa Rica.
The author stresses that combating ransomware requires more than narrow technical solutions. A comprehensive approach is needed, combining:
- National cybersecurity capacity building;
- Domestic and international legal frameworks to deter and prosecute attackers;
- Cross-border intelligence and judicial cooperation;
- Economic policies to reduce extortion viability, such as strong data backup and infrastructure security measures.
The book also calls for recognizing ransomware as part of the national security threat landscape, involving the private sector as an active participant and developing transparent mechanisms for reporting and cooperating with partner states’ institutions.
Source:
Max Smeets, Ransom War: How Cyber Crime Became a Threat to National Security, Oxford University Press, 2025, 256 pp.



