Skip to content

Viewpoint: The AI Ransomware That Couldn’t Get Paid

On July 1st, security researchers at Sysdig published something they had never documented before. A ransomware attack that ran from start to finish without a single human directing it, an AI agent alone at every stage. If you work in security, risk or insurance, the automation is the least interesting part of this story. Notice instead that the attack could never have paid out, even for a victim who did everything right.

So let me tell you what happened, in plain terms. An AI agent broke into a company’s systems, worked its way to the central database, encrypted everything it found, and left a note demanding payment in Bitcoin. Ordinary ransomware works like a burglar who changes your lock and keeps a spare key, because selling that spare key back to you is the entire business model. This attack changed the lock and never made a spare. The note was real. The lock was real. The key never existed.

An attack that cannot even collect a ransom sounds like the less dangerous kind, closer to a malfunction than a real weapon. That is perhaps a reassuring reading, but I’m not convinced of it.

The researchers who caught this were thorough. Over 600 separate actions, each explained in the agent’s own plain language notes as it worked. At one point it tried to create an administrator account, entered the password in the wrong format, diagnosed its own mistake, and produced a working fix in 31 seconds. No person involved in any of it.

Speed like that gets headlines; what deserves your attention however sits elsewhere. Nothing in this operation was built to actually collect a payment. There was no key kept anywhere to hand-over once someone paid. Nothing suggests the contact address in the note was ever being watched. Even a claim that stolen data had been copied off to a separate server turned out to have no evidence behind it at all. Every piece of machinery a real extortion operation needs was simply missing.

My grandfather had a saying for it: just because something’s missing doesn’t mean it was forgotten.

Little under the sun is truly original, and a ransom note stapled onto something built to never pay out has happened before. In 2017, the NotPetya attack tore through shipping firms, drug makers and government agencies worldwide, demanding Bitcoin like any other extortion campaign. It never delivered. The payment email was shut down within hours, the encryption could not be reversed by anyone (including its own authors) and investigators eventually concluded the ransomware costume was deliberate. A state actor used the shape of ordinary crime to cause enormous damage while looking, for a while, like something explainable. Militaries have used a version of the same logic for far longer than computers have existed: rehearse a new capability somewhere the outcome does not matter, before committing it somewhere it does.

None of that of course proves this attack was planned the same way. But it means the pattern is not new, and it should make us slower to reach for accident or mistake as the explanation.

Was it a careless operator, or an agent left to improvise without proper instructions? Well, both explanations run into the same wall. Something careless enough to skip the entire payment side of the operation should also be careless on the technical side, where the real difficulty actually lives. This one was precise everywhere except the one place precision would matter to somebody trying to get paid.

Think about what each half of this operation would cost the person who built it. The break-in itself is cheap and safe to test. Borrowed credentials, someone else’s computing power, a target nobody important cares all that much about. If it goes wrong, nothing is lost. Getting paid is where the real risk starts.

A wallet you control can be traced back to you. An inbox you check can be linked to you. A system built to hold onto a key is a system you can be caught having built. Someone being careful would test the safe half first and hold the risky half back until they were ready to commit to it. Seen that way, the missing payment apparatus stops looking like a mistake and starts looking like a choice.

Here is the detail in the trail I keep glancing back at: the Bitcoin address left in the note is a famous one, the exact example address used throughout Bitcoin’s own instructional documentation, publicly known and permanently empty, rather than something invented on the spot. Now, we cannot say for certain whether the AI pulled that address from something it had read during training, or whether a person deliberately used a real wallet that happens to match it.

But there is a third possibility that neither of those quite covers. A placeholder, chosen on purpose, useful because it looks completely convincing to a victim while committing whoever picked it to nothing at all. An object doing two jobs like that at once does not usually happen by chance, and I’m not a believer in coincidence.

If that reading is right, the destruction that followed means something different than it first appears. Vandalism does not test anything, while a genuine rehearsal does, and rehearsals leave exactly this kind of damage behind when the one part that would prevent it has been deliberately left out. That is the same shape the NotPetya attack took. Real damage, dressed as crime, in service of something the people behind it were not ready to reveal.

None of this is certain, and I would rather say so plainly than dress it up as more than it is. Even Sysdig, closer to the evidence than any of us, says it cannot see the instructions or the configuration behind this operation. What we have is the shape of an object. The shape is suggestive, but it is not proof.

So, currently, this is where I believe the real interest sits with this story. If the hardest part, an agent running an entire break-in unattended from first access to destruction, has already been quietly tested against a target nobody cared about, what remains to be built is the part with real consequences: a working wallet, a monitored inbox, a way to actually deliver what was promised. That is exactly the part a careful builder would develop quietly rather than announce.

I do not know whether that work is already underway, and neither does anyone else commenting publicly on this. But rehearsals only stay quiet until the day they stop being rehearsals.

Topics
InsurTech
Data Driven
Artificial Intelligence
Cyber

Leave a Reply

Your email address will not be published. Required fields are marked *

Orlando Bryant Mckee

Find the Perfect Health Insurance Plan for Your Needs

Compare health Insurance & supplemental plans from trusted insurance providers. Get personalized quotes in minutes and speak with a licensed agent today.

90% CHEAPER THAN COBRA

Compare plans from top insurers in under 3 minutes

Let’s get started!

Enter your ZIP code to see plans available in your area.

Must be 65+ for Medicare eligibility or turning 65 in the next 6 months