Ten years ago, ransomware attacks were inconvenient. But today, they present an apocalyptic national security threat capable of crippling infrastructure that the population depends on.
“No one country, no one group, can solve this problem,” National Security Advisor Jake Sullivan told reporters ahead of the White House’s 30-nation virtual conference on ransomware in October 2021. “We’ve recognized the urgency of the ransomware threat, the need to protect our citizens and businesses from it, and the criticality of international cooperation to counter it.”
The White House’s decision to treat ransomware attacks as an international crisis is a relief to cybersecurity advocates. According to the U.S. government, ransomware payments reached more than $400 million across the world in 2020, more than four times 2019 levels. In the first quarter of 2021, they exceeded $81 million. By our own internal estimates, we predict the amount of ransomware payouts over the past two years is even greater than the U.S. government reports and could exceed $2 billion.
Projecting into the future, unless there’s an organized, transnational effort to combat these stateless crimes, entire cities and states could be gridlocked, global supply chains choked off, lives put in danger and billions of dollars frittered away in responding to these rapidly evolving and escalating threats.
In the week following the White House’s call to action, a Russian cybercriminal gang hacked the network of Sinclair Broadcast Group, and U.S. candy company Ferrara disclosed it had been targeted by a ransomware group.
Ransomware attacks are proliferating at an alarming rate, magnifying in scope and targeting critical infrastructure. The Colonial Pipeline attack earlier this year caused gas shortages throughout the northeast, and hackers targeted an Israeli hospital in October in what has become an all-too-familiar attack vector. Given their viral nature and network effects, ransomware attacks are the technology pandemic of our time. If allowed to spread unchecked, they will wreak further havoc with utilities and other essential functions millions depend on.
The comparison we draw between the COVID-19 pandemic and a new technology crisis is not farfetched. Our analysis shows that over the past decade, ransomware attacks have multiplied from infrequent petty outlier incidents carried out by opportunistic individuals to highly-orchestrated, lethal threats from new and ever-morphing crime families. Ransomware demands have climbed from thousands of dollars to figures as high as tens of millions of dollars. And far from petty, these attacks—especially when waged on hospitals and other key infrastructure—could have dire consequences for nonpayment. And these threats are now confronting every organization with an internet presence, using ever more precise and targeted ransomware delivery mechanisms. These attacks have also evolved into incredibly sophisticated transnational criminal operations, complete with monetization strategies and even DIY franchise models.
Even more concerning, there’s increasingly an insider component. Gone are the days of rogue hackers sending phishing emails: The current generation of ransomware disruption involves recruiting individuals, often disgruntled employees, to distribute ransomware and then share in the proceeds. These criminal enterprises can afford to pay life-changing sums of money to individuals willing to infect their corporate networks. Rather than passing around infected files or finding website vulnerabilities, hackers approach ransomware-as-a-service with initial access brokers, which cannot be stopped by firewalls or traditional security software. Just as one positive coronavirus case infects an entire community, one bad actor can compromise their entire company’s network security. Although cybersecurity tools are effective for guarding against network vulnerabilities and penetration methods, they are not built for protecting systems from insider threats, or the flawed human element present in most cases.
Societal problems caused by bad actors are countered by an effective combination of policing, diplomacy and innovative technological countermeasures. The White House’s collaboration with 30 other nations is a step in the right direction for addressing this growing threat together as a global community. As the targets of ransomware attacks continue to include local and federal governments, with a recurring emphasis on hospitals, we will need cooperation at every level to break up these threats to our well-being and safety.
President Biden is right to act with urgency and speed. Without treating ransomware as a clear and present danger, this threat will grow just as insidiously, explode with the same ferocity and wreak the same global economic, infrastructure and social destruction as did another virus in recent history.