Ransomware seems to have been the attack of 2020. Criminal groups have moved to using sophisticated techniques previously associated with advanced nation-state actors, alongside a polished business model, with great success.
Not all groups are sophisticated, but there is a common set of techniques used by more advanced groups that we review as part of our ransomware risk assessment service.
There is widespread reporting of ransomware because of the household brands targeted and the tactic of ‘going public’ used by crime groups to force a victim to negotiate. These cases are the tip of the iceberg in our experience, and many attacks simply rely on denying access to data through encryption rather than the threat of a data leak and subsequent publicity.
We think that in the short to medium term, ransomware will continue to flourish. Whilst attacks and ransom payments have risen, many of these are being borne by insurers, not organisations themselves or the public purse. It may be the insurance industry that holds the key to driving change. For example, more focused scrutiny during the underwriting process, or a macro-level reduction in capacity to pay ransoms, will change the ransomware market. Historically the Lloyd's market has been at the forefront of innovation, being a significant contributor to wireless technology alongside Marconi.
There is also a move to a stance similar to 'not negotiating with terrorists' among some organisations, with some publicly refusing to pay.
Even with these steps it feels unlikely today that ransomware will be stopped without regulation or legislation to remove the payment of ransoms. The US Treasury offered a stern warning alongside sanctions against specific individuals and ransomware groups.
The addition of cryptocurrency addresses to US sanctions lists is a step towards Government intervention, although anecdotal evidence suggests that ransomware gangs are finding ways around this issue.
An entire market has emerged around the paying of ransoms, with several businesses selling themselves as being able to pay ransoms quickly. They target insurers specifically, with advertising on websites visited by insurers announcing the ability for cryptocurrency payments to be made immediately. The Office of Foreign Assets Control also hinted that these providers will be targeted, saying that "Companies involved in facilitating ransomware payments on behalf of victims should also consider whether they have regulatory obligations under Financial Crimes Enforcement Network (FinCEN) regulations".
Increased scrutiny on the role of cryptocurrency service providers and their controls may also mean criminals have a harder time extracting and laundering the money they extort.
In the longer term, tackling cyber crime means tackling its underlying drivers. Cyber crime is born from a multitude of factors such as the perception of a low risk of arrest, the ease of transiting international borders, and a lack of coordinated and capable law enforcement response at scale.
Cyber crime groups are made up of real people, which is easy to forget when presented with an unhelpful image of a hacker wearing a hoody in a darkened room. There are societal and economic issues that push people into cyber crime. A lack of opportunity in some countries, along with a technically skilled population and social acceptance of cyber crime as a job, can create a willing workforce.
We’ll be exploring all of these issues and scenarios for cyber crime in 2030 as part of our State of Cyber Crime 2020 report. You can sign up here for the launch.