Members of the international Counter Ransomware Initiative from 30 countries have issued a joint statement outlining their intent to take action against the growing threat posed by ransomware.

What Is Ransomware?

Ransomware is a form of malware that encrypts the important files on a computer. The user (often a business or organisation) is then given a ransom demand, with the promise that payment will release the encrypted files. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that access to files will be restored. Ransomware is primarily a profit-seeking crime, and it commonly leverages money laundering networks to move its proceeds.

How Big Is The Problem?

A recent White House fact sheet stated that “the global economic losses from ransomware are significant. Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.”

In March, the Palo Alto Networks Unit 42 Ransomware Threat Report showed that the average ransom paid by a victim organisation in Europe, the US and Canada trebled from $115,123 (£83,211) in 2019 to $312,493 (£225,871) in 2020. The report showed that over the same period, the highest value ransom paid doubled from $5m (£3.6m) to $10m (£7.2m), and the highest extortion demand grew from $15m (£10.8m) to $30m (£22m).

Meeting

At the meeting of the Ministers and Representatives from the Counter Ransomware Initiative (held on October 13 and 14), it was recognised that the threat of ransomware is complex and global in nature and requires a shared response, which will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public.

Action

The joint statement outlines the following actions to be taken and efforts to be made to tackle the ransomware threat:

– Improving network resilience to prevent incidents when possible and respond effectively when incidents do occur. This will involve the sharing of lessons learned and best practices for development of policies to address ransom payments and engaging with private sector entities to promote incident information sharing and to explore other opportunities for collective buy-down of risk.

– Addressing the abuse of financial mechanisms to launder ransom payments or conduct other activities that make ransomware profitable. This will involve using national anti-money laundering (AML) frameworks to identify and mitigate risks associated with virtual asset service providers (VASPs) and related activities, and enhancing the capacity of national authorities (regulators, financial intelligence units, and law enforcement) to take action.

– Disrupting the ransomware ecosystem via law enforcement collaboration to investigate and prosecute ransomware actors, addressing safe havens for ransomware criminals, and continued diplomatic engagement. This will involve cooperation between different stakeholders and international partners in the exchange of information.

– Using diplomacy to promote rules-based behaviour and encourage reasonable steps to be taken to address ransomware operations emanating from a particular territory.

What Does This Mean For Your Business?

Several factors have fuelled a huge rise in ransomware attacks: attempts to exploit the vulnerabilities created by remote working in the pandemic, businesses not having effective data backup procedures in place, the costs of downtime being perceived as greater than the cost of paying the ransom, low technical barriers to entry and a high affiliate earning potential, plus the growth of ransomware-as-a-service (RaaS). Ransomware poses a big risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity, and a bigger effort to tackle the threat is long overdue. The promising aspect of the joint statement by the Ministers and Representatives from the Counter Ransomware Initiative is that they have recognised the need for collaboration and help between multiple governments, agencies and organisations, and for using multiple means to make a real impression on the problem.

Individual businesses can play their own part in protecting themselves through basic security measures. These include keeping antivirus software and operating systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, using detection and recovery software (e.g. Microsoft 365 protection and Windows Security), storing files on cloud services (e.g. OneDrive/Google Drive, IDrive, or whatever work-based cloud file storage systems employees are required to use), and having an effective, workable backup in place.

Since ransomware relies upon human error to spread, staff should be educated about how to spot and deal with potential ransomware risks, e.g. suspicious emails. Organisations should also realise that prevention is better and cheaper than cure, that paying a ransom will not guarantee the return of vital files and system control, and that many files are deleted anyway by the attackers.