Over the last decade, ransomware attacks have increased drastically. Ransomware refers to attacks involving extortion of financial resources from a target. It is an ever-evolving form of malware that is designed to encrypt data on a device, which in turn renders any files and system unusable. In exchange for decryption of files, the malicious actors demand ransom. While few people might think that a virus has locked their computer, but ransomware is typically classified as a different form of malware than a virus. The earliest types of ransomwares’ were developed in the late 1980s and the victims used to send payments through snail mail. In the early years, ransomware attacks were targeted on individual systems. However, today ransomware attacks have become more sophisticated and the malicious actors target individuals, organizations and businesses of all kinds. They have also upgraded their payment systems and demand ransom to be paid in cryptocurrency. Some malicious actors affiliated with ransomware attacks also sell their service to other cybercriminals, which is called Ransomware-as-a-Service of RaaS.
The newer forms of ransomware attacks have become more sophisticated and disruptive. Ransomware attacks are now successfully carried out against businesses, stumbling productivity which results in loss of sensitive data and revenue. The common types of ransomwares’ targeting different businesses include; GandCrab, SamSam, NotPetya and WannaCry. Ransomware attacks have increased to 88% in the second half of 2018. The main reason of shifting towards businesses was that cybercriminals realized that targeting big businesses, government agencies, hospitals and commercial institutions would give them big payoffs. The following are some ransomware statistics as of 2021;
From the above figures it is evident that governments have been targeted the most in 2021 by the cybercriminals, and the USA is on the top of list being hit by the ransomware attacks. Ransomware is a known issue and there has been a world of progress in fighting against these attacks. Many countries have taken countermeasures to combat it. Recently, the USA took a lead and conducted a meeting of cybersecurity officials from 30 countries with plans to tackle the growing threat of ransomware attacks and other cybercrime. An online session was hosted by the White House National Security Council in October, 2021 with the aim to “improve collaboration between law enforcement agencies” on issues such as “the illicit use of cryptocurrency” and to tackle “the misuse of virtual currency to launder ransom payments” and “investigate and prosecute ransomware criminals”. This step was taken by the Biden administration following a series of ransomware attacks in the year 2021 that threatened to disrupt the USA’s food and energy supply. According to reports, meat producer JBS SA paid USD 11 million to stop a ransomware attacks that halted their production. This ransomware attack is believed to come from a Russian criminal group[MOU2] . Colonial Pipeline also paid USD 5 million to an Eastern European based hacker gang. Both companies paid the ransom in Bitcoin. The Biden administration created a new informal group against ransomware attacks i.e., Anti-Ransomware Initiative, that will step up its diplomatic efforts including direct talks with Russia as well as with the United States and NATO alliance.
A series of virtual meetings were held to discuss countermeasures against ransomware attacks. This virtual summit was hosted by the United States, Germany, Britain, Australia and India on 13th October, 2021 and 14th October, 2021. China and Russia were excluded from the guest list as many criminal hackers’ groups are suspected to live and operate from these countries. The countries that participated in the virtual summit include Brazil, France, Canada, Mexico, Ukraine, Japan, South Africa, Israel and the European Union.
These counter-ransomware efforts were made to engage allies to join the United States in this integrated effort to disrupt the ransomware ecosystem. Although the United States led the whole session, but focus panels were also chaired by other countries. The United Kingdom chaired the Countering Illicit Use of Cryptocurrency Panel. India chaired the Resilience Panel. Australia chaired the Disrupting Ransomware Infrastructure and Actors panel. Participants covered topics to improve national resilience and addressed the misuse of virtual currency to legalize ransom payments. Delegations focused on the importance of international cooperation to address the transnational threat from ransomware. The experts from law enforcement, diplomacy, financial regulators and cyber resilience shared their views and opinions in the meetings. The reason of inviting experts from parallel channels was that all these channels are relevant in disrupting ransomware and their integration is very important in order to counter ransomware more effectively.
As the ransomware attacks are becoming more and more sophisticated, therefore, international cooperation is the need of the day to disrupt this complex ecosystem. In order to understand the complexity of ecosystem, one can imagine, the individuals who launched the attacks could be living in one country, and they would be legalizing the ransom payment in another country, the exchange could be recorded in a third country and operating in a fourth country and so on. This is evident that ransomware is not a problem of one nation but is a transnational threat and could not be resolved without international coordination and collective measures.
The 30 nations attending the virtual summit acknowledged that rutted implementation of FATF (Financial Action Task Force) rules around virtual currencies have enabled cyber criminals to take advantage and launder their ransomware payments. The countries also agreed to cooperate in future to exchange information and opportunities to automate certain information exchange. Real-time communication across different governments is crucial to enhance national capabilities to address ransomware attacks while they’re happening, as ransomware hackers and criminals tend to repeat their tactics, techniques and activities. It is worth mentioning that such timely cooperation could help the world to curb the ransomware ecosystem from our society.