U.S. leadership organized a meeting with over 30 nations to figure out how to address the growing problem of ransomware. The results were unimpressive, lacking the bold innovation needed to stem the meteoric rise of ransomware that is targeting businesses and the critical infrastructure that citizens depend upon for security, health, services, and prosperity.
This was a wasted opportunity to establish a meaningful strategy that targets the heart of ransomware and deals a crushing blow to mitigate this risk to the global digital ecosystem.
Cybersecurity Insights Channel: https://www.youtube.com/c/CybersecurityInsights
Ransomware Explained playlist: https://youtube.com/playlist?list=PLuIYhlNYyCmn0cCA6OqHqfL_qGSsizxBF
Transcript:
U.S. leadership organized a meeting with over 30 nations to figure out how to address the growing problem of ransomware. The results were unimpressive.
First and foremost, I want to acknowledge the fact that the Executive branch recognizes the importance of the issue and has taken proactive steps to pull together a working coalition of nations.
But at the end of the day, the leadership of the most powerful country, with the greatest to lose from ransomware attacks, has missed, by a mile, an opportunity to effectively crush ransomware in an expeditious and cost-efficient manner.
I am disappointed!
The results of the meeting, as documented in the joint statement released on Oct 14th, identify three main areas to apply focus: resilience to attacks, disruption of finances, and international law enforcement cooperation.
All politically safe areas, but pedestrian and passive at best. Nothing bold, and even in aggregate, definitely not very effective.
The direction is largely responding to the criminals’ actions. The attackers have the initiative and set the tempo. These recommendations are allowing that to continue, instead of taking charge and cutting the heart out of ransomware.
What is outlined is simply putting expensive bandages on the wounds that ransomware inflicts, instead of stopping the attacks from occurring in the first place. Even adding more security does not stop the attackers. It just makes them adapt, which they are good at, until they find the next weakest spot.
In fact, everything recommended has been recommended previously and, to some level, enacted with little overall impact.
Let’s be more specific:
First, the report recommends a number of resilience efforts, such as data backups, strong authentication, social engineering education, and sharing best practices. These recommendations could have been crafted by a first-year cybersecurity student. They are basics, but have not and will not stop the flood of attacks because the attackers constantly adapt and find new ways to victimize their targets. At best they can make it more challenging for attackers or improve your chances that someone else, with lesser security, will be targeted, but attacks will still occur.
Secondly, the recommendations go on to target one of the favorite tools of ransomware, cryptocurrency. Although ransomware predates cryptocurrency by a decade, it has been widely adopted by criminals because of the decentralized nature and pseudo-anonymity. In other words, its non-traditional ways can make it very hard for governments to control. The recommendations are not taking that into consideration and are approaching it like traditional financial tools previously used by criminals. This translates to the fact that it will have limited success, but they don’t want to talk about that.
Thirdly, the coalition partners want better international cooperation for law enforcement. Again, this is a great general practice for all crimes, but will likely not result in a major slowdown for ransomware. These criminals are well funded, organized, and adept at maneuvering around law enforcement. Granted, cooperation will help, but to be realistic it will not be a crushing blow to ransomware. Law enforcement is the tail end of an attack. What we need is to stop attacks from occurring in the first place.
Ransomware is a major problem and growing. A recent announcement by the US Treasury indicated they tracked over $5 billion worth of ransomware payments. This is in alignment with some of the ransomware crews self-reporting billion-dollar profits.
The ransoms are only the tip of the iceberg as there is more loss associated with the downtime of services and loss of data. When the city of Atlanta was hit with ransomware, several million people were affected by a loss of city services. When the Colonial Pipeline was attacked and paid $5 million, the outage affected the fuel supply of much of the US Eastern seaboard. Sadly, the insane ransom amounts, totaling in the billions, are not reflective of the bigger picture of loss.
Ransomware is growing quickly, tripling and quadrupling every year, and is set to dwarf all other types of cybercrime. And keep in mind that cybercrime already surpasses other crime, such as the global illicit drug trade. These criminals are willing and well experienced in dealing with law enforcement, basic cyber hygiene practices, and impediments to their financial tools. They are highly motivated and will persist as long as there are large sums of money to be made.
We cannot act in such passive, complacent, and shortsighted ways if we want to effectively stop ransomware attacks from happening, in a timely and cost-efficient manner. We must act with forethought and in strategic ways to take the initiative in undermining attacks from occurring in the first place.
It is possible! It is not easy. But I was hoping that with US leadership we would make the climb to rid ourselves of ransomware once and for all.
If you are interested in what such a path looks like, it involves disallowing payments to be made by victims, to sever the money flow to attackers in one decisive action.
I have several videos on the topic, covering what success looks like, examples of how such a strategy has worked in the past for similar situations, and how a region would go about making it happen.
I will put the links in the description.