The opinions stated here are my own, not those of my company.
I’ve been thinking about two different pieces of tech news and whether they might fit together in some way.
First, we are under attack from ransomware that targets individuals, companies, and critical infrastructure to the tune of billions of dollars in lost revenue and ransom payments.
Second, private companies are making massive strides in developing quantum computers. Quantum supremacy has already been achieved, showing that there are some computations that are faster to do on a quantum computer than a standard one. Quantum computer will allow a number of applications to become feasible, including breaking standard cryptography.
To summarize, the way that encryption works today is an algorithm which makes it hard for a standard computer to decrypt with guesses. However, a quantum computer doesn’t have that limitation. It would be able to make guesses much more effectively in order to reveal the original data. There are efforts to create quantum cryptography which should be resilient to these attacks.
Does it seem possible to use quantum computers to break the encryption that ransomware uses? Rather than paying a ransom, a company could reach out to the FBI or some other organization. The FBI would then be able to use this device to generate the decryption key rather than pay the ransom.
It could potentially be a lucrative opportunity for a federal organization or maybe even a private company. If your company’s data is being held at ransom for $5 million, and this org will do it for $500,000, you’ll go with the cheaper and more ethical option.
At some point there will be a problem of quantum ransomware, but given the current cost and maintenance difficulties of quantum computers it seems unlikely that a small criminal organization would be able to operate one in secret. The amount of power needed would quickly be caught if they were operating in the US. Granted, if the country is seemingly protecting or laissez-faire… but they are already operating with impunity.
I do worry that this might kick off some sort of potential arms race, with hackers trying to get increasingly better at encrypting data beyond the capabilities of nation-states.
However, since even existing decryption tools by the hackers don’t work, I think it will be quite some time before this will be something to worry about.