As Ransomware Threats Mount, It’s Time for Coordinated Tactics
- As Internet connectivity grows, cybercriminals are exploiting new vulnerabilities that have greater impact.
- Ransomware threats have become not just a nuisance but a true economic threat, with hospitals, schools and other integral systems becoming targets.
- Government and the private sector need to join in coordinated efforts to create economic and legal disincentives for malicious attackers.
Cybercriminals have been able to act with impunity and without sufficient consequences, said experts at the recent RSA Conference 2021.
Ransomware attacks have become economically burdensome but also increasingly disruptive to basic services, such as health care and education. As the targets for attacks have increased given digitization, the economic and social impact has also grown exponentially.
The average ransom paid for organizations increased from $115,000 in 2019 to $312,000 in 2020, a 171% year-over-year increase, according to a 2021 report from Palo Alto Networks. Additionally, the highest ransom paid by an organization doubled from 2019 to 2020, from $5 million to $10 million.
Set the economic impact against the disruption of basic services, such as health care, banking and education, and ransomware has become a scourge on society, said experts at the recent RSA Conference 2021.
“Ransomware has gone from an economic nuisance to a national threat,” said Michael Daniel, president and CEO of the Cyber Threat Alliance. While in 2013 malicious actors targeted individual servers or computers and garnered about $150 per attack, today, ransomware threats cost hundreds of thousands of dollars and may target hospitals, school systems or other public infrastructure systems that are part of the fabric of society.
These threats are “not just an economic burden on society and imposing a public health and safety threat but also a national security threat,” Daniel said.
Further, paying up hasn’t paid off, according to the Palo Alto Networks report.
Fewer than one in 10 (8%) of organizations retrieved all encrypted files after paying to get their data. In fact, on average, organizations that paid the ransom got back only 65% of their data, with .
Stopping Ransomware Threats Requires Partnership
According to the panel, ransomware attacks have become increasingly profitable but also turnkey and commoditized for attackers. That’s party because ransomware’s victims haven’t developed an appropriately powerful response to combat it.
Experts agreed that thwarting ransomware attacks will require coordination among public-sector organizations such as the FBI and the Department of Defense andprivate companies.
Recently the U.S. Department of Justice seized hundreds of thousands of dollars in assets from the Netwalker gang, in operation since 2019. Public-private partnerships effectively identified and routed out the Netwalker systems.
“The Netwalker takedown is a good example of private-public partnership on an international scale,” said Jen Miller-Osborn, deputy director of Threat Intelligence, Unit 42, at Palo Alto Networks.
And just as private companies and governments need to work together, internationally, governments must work together to put pressure on malicious actors and the nation-states that may tacitly support them.
“You have to use carrots and sticks in the international ecosystem. You have to change the calculus of what’s in those countries’ interest,” Daniel said. “You put pressure on them diplomatically.”
At the same time, successful ransomware campaigns indicate that decentralized models such as blockchain and the cryptocurrencies built on this architecture have given malicious actors effective tools.
“It’s pretty clear that one of … the reasons why we have seen this scourge emerge is the growth of cryptocurrencies because they enable payments to occur in a way that the normal financial system can’t track or block,” Daniel said.
Ultimately, experts said that it will be critical for public and private actors to work on several fronts to combat ransomware threats effectively.
“I think the effective approach is that it’s going to be steps taken in simultaneity,” said Phil Reiner, CEO at the Institute for Security and Technology’s Ransomware Task Force. “Steps need to be taken to deter this behavior, steps need to be taken to disrupt this behavior and steps need to be taken to prevent this sort of attack . We’re going to have to walk and chew gum at the same time.”