Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

Ransomware attacks are becoming smarter, more common, and more dangerous.

What's happening: In ransomware incidents, attackers take systems down and demand payment (usually in bitcoin) to restore access to them.

  • Compared with the political impact of election hacking or the privacy violations of data breaches, ransomware has typically been viewed as the cyber equivalent of hit-and-run robbery.
  • But aggressive new tactics, including threats of massive file dumps, are blurring the lines between ransomware and other attacks, making them a national security issue as well as a business problem.

Driving the news: In the latest indication that ransomware is moving beyond its best-known targets — state and local governments and healthcare systems — a Department of Homeland Security advisory on Tuesday reported a ransomware attack that forced a natural gas compression facility to shut down two days.

  • Analysts at Dragos identified the incident as one reported in December by the Coast Guard.
  • Last month, researchers at Emsisoft warned that ransomware attacks could disrupt the 2020 U.S. elections. "[T]hreat actors could use ransomware to tamper with the 2020 election process by attacking county-level entities and lower-level election officials," according to the Emsisoft report. Attacks could "potentially disrupt local voting infrastructure, stifle access to information, leak voter data and ultimately undermine public trust."
  • The Palm Beach County, Florida, election supervisor told the Palm Beach Post last week that the county had suffered a ransomware attack in September 2016. The county's previous election supervisor, who was in office then, denied the report.

The big picture: A raft of recent ransomware research paints an alarming picture of a threat that's still evolving.

  • The threat analysis firm Recorded Future reports a 20% increase in ransomware incidents affecting state and local governments and healthcare institutions year-to-date for 2020 compared with the same period in 2019.
  • Recorded Future and other analysts note that many ransomware attackers now also seize mountains of data from target networks before shutting them down, then use the threat of publicizing the private documents to demand payment.
  • In another trend, a whole industry of "ransomware as a service" providers is emerging to handle the technical work for would-be ransom takers.
  • IBM reports "high levels of code innovation" in the ransomware realm, and finds that the most common vulnerability exploited by ransomware is a flaw in a part of the Windows operating system called SMB, or "server message block."

Yes, but: The full scope of ransomware activity is tough to gauge because private industry is under no obligation to report incidents — and many affected companies are unlikely to admit they've been had.

  • According to the FBI's Internet Crime report for 2019, the IC3 received 2,047 complaints identified as ransomware last year, with adjusted losses of over $8.9 million.
  • That's compared to a total of 467,361 complaints of all kinds in 2019 — an average of nearly 1,300 every day — with more than $3.5 billion in losses to individual and business victims.

Go deeper

Tech scrambles to derail inauguration threats

Illustration: Sarah Grillo/Axios

Tech companies are sharing more information with law enforcement in a frantic effort to prevent violence around the inauguration, after the government was caught flat-footed by the Capitol siege.

Between the lines: Tech knows it will be held accountable for any further violence that turns out to have been planned online if it doesn't act to stop it.

Dave Lawler, author of World
2 hours ago - World

Uganda's election: Museveni declared winner, Wine claims fraud

Wine rejected the official results of the election. Photo: Sumy Sadruni/AFP via Getty

Yoweri Museveni was declared the winner of a sixth presidential term on Saturday, with official results giving him 59% to 35% for Bobi Wine, the singer-turned-opposition leader.

Why it matters: This announcement was predictable, as the election was neither free nor fair and Museveni had no intention of surrendering power after 35 years. But Wine — who posed a strong challenged to Museveni, particularly in urban areas, and was beaten and arrested during the campaign — has said he will present evidence of fraud. The big question is whether he will mobilize mass resistance in the streets.

Off the Rails

Episode 1: A premeditated lie lit the fire

Photo illustration: Sarah Grillo/Axios. Photo: Chip Somodevilla/Getty Images

Beginning on election night 2020 and continuing through his final days in office, Donald Trump unraveled and dragged America with him, to the point that his followers sacked the U.S. Capitol with two weeks left in his term. Axios takes you inside the collapse of a president with a special series.

Episode 1: Trump’s refusal to believe the election results was premeditated. He had heard about the “red mirage” — the likelihood that early vote counts would tip more Republican than the final tallies — and he decided to exploit it.

"Jared, you call the Murdochs! Jason, you call Sammon and Hemmer!”