When it comes to ransomware, it’s time to think globally and act now

While the world understandably has remained focused on the spread of COVID-19 in the past year, another threat has become increasingly dangerous and pervasive. Ransomware, once considered a petty form of cybercrime known for plaguing vulnerable schools and local governments, has grown into a global scourge that puts scores of lives at risk while threatening wide-spread disruption.

After all, the impact of ransomware attacks can be catastrophic to everything from power grids to waste treatment plants and we must stop thinking of them as a niche criminal activity that has only a local impact. The sheer size, growth and international scope of the problem requires a global response, which unfortunately is lacking today.

To put it simply, ransomware is a classic hostage operation tailored to our digital and global age. Attacks generally occur when criminals use software known as malware to infect information technology networks and encrypt their data, holding systems hostage until a ransom is paid. During these attacks, perpetrators often steal sensitive data, damage networks and disrupt the operations of businesses and governments alike. While this may sound technical and more of an inconvenience than a disaster, in truth ransomware attackers are undermining essential infrastructure and delivery of critical health services, while raising hundreds of millions of dollars.

In fact, cybercriminals succeeded in collecting almost $350 million in cryptocurrency for ransom last year, a 311 percent increase over 2019. These funds can help finance organized crime, including human trafficking and the sale of weapons and other illegal goods. And victims span the globe: In 2020, the countries with the highest percentage of organizations reporting ransomware were India, Brazil, Turkey, Belgium, Sweden and the United States, according to a survey by security firm Sophos. And ransomware criminals often operate thousands of miles away from their victims. For example, one of the most common strains of ransomware, Ryuk, is thought to come from Russia. Many criminals operate with impunity as their national governments are unable — or unwilling — to prosecute them.

Governments, regulators and security forces have stepped up efforts to tackle the problem in recent years, conducting research on attacker groups and trends, drafting best practices guides to prepare for attacks, developing strategies to thwart criminals and establishing incident response teams.

Yet they’re addressing the problem in a disjointed manner, with different sectors and countries working on siloed solutions. The problem is simply too big and too global for piecemeal solutions to work: it needs the dedicated, coordinated attention of policymakers, security engineers and industry leaders from around the world.

For this level of cooperation to occur, however, governments around the world must recognize ransomware as a top priority and allocate the appropriate resources to work together. This requires leader level and senior engagement. That’s why more than 50 organizations have joined the Ransomware Task Force, a broad coalition of experts organized by the Institute for Security and Technology that brings together industry, government, law enforcement, civil society, cybersecurity and international organizations. The task force has developed a set of recommendations for addressing various aspects of ransomware, from deterrence and disruption, to preparation and response. These recommendations are relevant for policymakers and organizational leaders around the world and work best when adopted not only in concert with each other, but through international cooperation and coordination. The report detailing these recommendations will be published on Thursday. 

The scope of the report is both domestic and global, as world organizations such as the Group of 20 (G-20) nations and Interpol need to declare ransomware an international diplomatic and enforcement priority and establish a global coalition to fight against these cybercriminals. This cooperation will allow governments to partner with industry to establish consistent standards to prepare for attacks and defend themselves. Such a framework would provide clarity about the most successful strategies to deal with ransomware, drawing on best practices derived from government and industry experience. 

Unfortunately, all this will have limited impact if cybercriminals are allowed to operate with impunity abroad. The international community must pressure nations that harbor cybercriminals, while providing the kind of resources and training that some need to prosecute these organizations. And they can establish investigative hubs around the world to quickly go after attackers, making it difficult — and unprofitable — for ransomware operations to continue.

The international community has a history of banding together to tackle some of the world’s most pressing challenges and must do so again now. Otherwise, ransomware attacks will only become more sophisticated and more pervasive in the coming months and years and will pose a growing threat to our increasingly digital world. The time to act is now.

Jen Ellis (jen_ellis@rapid7.com) is the vice president of community and public affairs at computer and network security firm Rapid7, a nonresident senior fellow with the Atlantic Council’s Cyber Statecraft Initiative, and a co-chair of the Ransomware Task Force Working Group. Follow her on Twitter at: @Infosecjen. Chris Painter (chrispx66@gmail.com) is president of the Global Forum on Cyber Expertise Foundation and a co-chair of the Ransomware Task Force Working Group. He established the State Department’s Office of the Coordinator for Cyber Issues. Follow him on Twitter at: @C_Painter.