Ransomware has now become a global problem. Cybercriminal groups operate from countries that offer them safe haven and allow them to launch even the most sophisticated attacks. A common global strategy is needed to prevent an escalation. An assessment by Michael Veit, security expert at Sophos.
We are in the middle of a ransomware crisis. A series of increasingly extreme ransomware attacks has been observed over the past few months, such as the temporary shutdown of a major U.S. fuel pipeline. The rise in ransomware attacks is not a new phenomenon, but this year this type of cybercrime has moved from a vicious threat to a full-blown global crisis and made it onto the political agenda.
Government agencies are increasingly being extorted as well
Federal agencies are used to being constantly exposed to cyberattacks. What is new, however, is that they are now also the target of commercial ransomware attacks. This escalation is due in large part to attackers honing their skills both by working in government-sponsored "hacking armies" and by working as freelancers for private ransomware vendors.
The latest indictment by the US Department of Justice, alleging that the Chinese government assisted cyber criminals in their attacks on a widely used e-mail server, illustrates the overlap between nation states and ransomware groups: the security holes discovered by state intelligence agencies are used as weapons by private actors. States that train ransomware attackers and other cyber criminals have both heightened the ransomware threat and raised its profile in the eyes of governments around the world. In addition to the White House, NATO and the G-7 summit were recently prompted to issue statements on ransomware.
A global crisis needs a global response
A global ransomware crisis needs a global response and concrete actions that governments and their partners can take to tackle ransomware around the world.
1. No more ransom payments
In order to fight ransomware effectively, victims need to stop paying ransom. As long as ransomware is profitable, attackers have no incentive to stop. The government's “We don't negotiate with terrorists” stance should apply to ransomware as well. Any company that is part of the federal, state or local government supply chain should contractually agree not to pay a ransom in the event of a ransomware attack. Including this standard clause in government procurement policies and announcing that government supply chains will not pay ransoms could help deter ransomware, at least against government agencies.
Restoration costs an average of $1.85 million
Not paying a ransom is often easier said than done. One way to make the idea more appealing, especially if it is framed as a recommendation rather than a strict mandate, is to emphasize the enormous cost of recovery. A recent independent study commissioned by Sophos found that ransomware victims spend an average of $1.85 million. The costs of an attack are much more than "just" the ransom: there are also costs for downtime, employees, equipment and network, plus lost opportunities and long overdue upgrades of the IT infrastructure.
2. Regulation of the cryptocurrency exchanges through which the ransom money flows
What has made ransomware a global crisis is the extent to which nation states repeatedly train cybercriminals and/or offer them a safe haven. Unfortunately, there is currently no way to deal with this. There is no right of recourse against governments that shelter ransomware groups. One possibility could be to impose trade sanctions on countries associated with ransomware. But it is probably more efficient and productive to hit ransomware groups where it hurts them most: their money. Cyber criminals convert the ransom money into hard currencies on cryptocurrency exchanges. Introducing stricter regulations on these crypto exchanges would make it more difficult for ransomware groups to profit from their work. Domestically, cryptocurrency regulations and anti-money laundering guidelines could prevent cryptocurrency companies from being used as a currency exchange for ransomware attackers.
International cooperation must be the focus
Here, too, international cooperation with established guidelines helps. Nation states like Russia and China have an incentive to introduce this type of cryptocurrency regulation for their own cryptocurrency traders, largely because it forces them to convert the cryptocurrency into their currency. This strengthens their own financial position and opens up a new source of tax revenue. When ransomware groups discover that there are few countries where they can safely process their ransom payments, the business model becomes downright unattractive.
3. Require IT hygiene and disclosure of security breaches
There are some basic IT hygiene measures that many companies still do not take: educating employees about spear phishing, introducing two- and multi-factor authentication, basic endpoint protection and securing data on network and remote storage. Governments could support this by recommending compliance with certifications instead of writing these requirements into law. Another advantage: in contrast to laws, certifications can be updated relatively easily, so that providers' compliance with the regulations would also remain up to date.
Reporting of security incidents must become standard
It must become standard practice to report security incidents. However, the reporting obligation should not be a punitive measure (except perhaps in cases where the regulations are not being followed). Rather, it should be treated as an awareness-raising measure. The more companies or authorities are obliged to report data protection violations immediately after they occur, the sooner their partners and providers can be made aware and take immediate measures for their own protection. A nationwide reporting obligation for data protection violations also enables a more comprehensive understanding of how often these attacks occur. Getting ransomware fully under control is only possible with a sense of the true extent, amount and frequency of these attacks. The obligation to disclose data breaches and cyberattacks helps to achieve this.