“It’s like wrecking a car to steal a pair of sunglasses. The sunglasses are the ransom. The damage to the car is fifty to seventy-five billion dollars a year.” — Anja Shortland

Cybercrime is booming. Ransomware attacks — where criminal gangs encrypt your servers and hold your data hostage until you pay — cost victims somewhere between fifty and seventy-five billion dollars a year in damage. The hackers themselves pocket around a billion. As Anja Shortland, professor of political economy at King’s College London and author of Dark Screens: Hackers and Heroes in the Shadowy World of Ransomware, puts it: “it’s like wrecking a car to steal a pair of sunglasses.” The sunglasses are the ransom. The wrecked car is the damage to the rest of us.

Shortland is an expert in extortive crime — transactions where a legal entity has to make a deal with a criminal group under conditions of zero trust. She has studied kidnap for ransom, Somali piracy, art theft, and now the booming business of ransomware. What fascinates her is not the crime itself but the institutions that emerge in the space between the legal world and the criminal underworld: the insurance companies that price the risk, the negotiators who manage the transaction, the norms that make it possible for a corporation to pay a criminal gang and actually get its data back. In Russia, hacking Westerners isn’t even a crime. In North Korea, it’s an actual department with a small army of government employees. In Iran, it’s a foreign policy. Criminality, Shortland thus argues, is defined by whoever holds power.

The game-changer, she argues, is cryptocurrency. Without it, ransomware doesn’t work — you can’t move money anonymously at scale without it. Regulate cryptocurrency, and you take the profit motive out of most of what she studies. The irony is that the current American administration is amongst the most crypto-friendly in history. Meanwhile, AI — specifically Anthropic’s Claude Mythos, the hacking model that was leaked rather than released — is about to give criminals tools that only well-resourced banks and corporations can currently deploy defensively. So cybercrime will continue to boom. Expect a pile-up of wrecked cars on our information highway.

Five Takeaways

•       We Know You Can Pay a Million: The title of the UK edition of Shortland’s book is the most revealing line in ransomware. Criminal gangs don’t pick ransom figures arbitrarily. They spend weeks inside the victim’s systems, studying cash flow, cash reserves, and insurance coverage, before setting a demand on the painful side of affordable. The victim usually pays — because the alternative is losing access to patient records, customer data, or patents permanently. The hackers know this. The negotiation that follows is, in Shortland’s framing, a transaction between parties with zero trust and one thing in common: both want a deal.

•       In Russia, It’s Not a Crime: Ransomware is not a uniform global crime. In Russia, theft and extortion directed at Westerners is not considered a criminal act. In North Korea, hacking is organised as a government department — a state revenue stream, not a criminal enterprise. The line between crime and legitimacy is drawn by whoever holds power. This complicates any enforcement response: you cannot extradite a North Korean government employee. You cannot prosecute a Russian hacker in a Russian court. The only effective levers are diplomatic, financial, and technical — and all three are currently being weakened.

•       Insurance Orders Criminality: Shortland’s most counterintuitive argument: insurance companies are not passive bystanders in ransomware. They are active market-makers. By pricing the risk, they create the conditions under which a corporation can make a rational decision to pay. By negotiating on behalf of victims, they create norms — what a fair ransom looks like, what proof of decryption looks like, what happens if the hackers don’t deliver. Insurance, in Shortland’s telling, is what makes the criminal market function. Most people think insurance is boring. They are not thinking about this.

•       Cryptocurrency Is the Real Game-Changer: Ransomware as a profitable business model did not exist before cryptocurrency. Without the ability to move money anonymously at scale, without blockchain verification that payment has been received, the transaction between criminal and victim cannot be completed. Regulate cryptocurrency — apply the anti-money-laundering frameworks that govern wire transfers and bank accounts — and you take the profit motive out of most of what Shortland studies. The irony: the current American administration is among the most crypto-friendly in history, and the president’s own family has direct financial interests in the sector.

•       Claude Mythos and the Asymmetric AI Problem: Anthropic’s Claude Mythos — the AI model built to find software vulnerabilities, which was leaked rather than formally released — is the next phase of this war. The defensive use case is real: a well-resourced bank can use it to find and fix its vulnerabilities before attackers do. The problem is asymmetry. A large financial institution can deploy Claude Mythos defensively. Wiltshire County Council, a local hospital, a dental practice, a legal firm — the soft targets that ransomware gangs prefer — cannot. The hackers will eventually get it. The debate about who should be allowed to use it, and under what conditions, has not happened. That is what worries Shortland most.

About the Guest

Anja Shortland is a Professor of Political Economy at King’s College London and the author of Dark Screens: Hackers and Heroes in the Shadowy World of Ransomware (Princeton University Press, 2025; US edition April 2026) and Kidnap: Inside the Ransom Business. She was a member of the Ransomware Task Force.

References:

•       Dark Screens: Hackers and Heroes in the Shadowy World of Ransomware by Anja Shortland (Princeton University Press, US edition April 2026).

•       Steven Levy, Hackers: Heroes of the Computer Revolution (1984) — referenced in the interview as the origin story of hacking culture.

•       Episode 2885: Keith Teare on Adulting — the week Anthropic’s Claude Mythos was discussed; the Shortland interview is the companion piece on what it means in practice.

About Keen On America

Nobody asks more awkward questions than the Anglo-American writer and filmmaker Andrew Keen. In Keen On America, Andrew brings his pointed Transatlantic wit to making sense of the United States — hosting daily interviews about the history and future of this now venerable Republic. With nearly 2,900 episodes since the show launched on TechCrunch in 2010, Keen On America is the most prolific intellectual interview show in the histo...