Ransomware’s rise: What can be done about it

A new report by John Sakellariadis for the Atlantic Council takes a deeper dive into the rise of ransomware over the past decade and is worth reading by managers looking to understand this marketplace.

Why is ransomware on the rise?

The report makes three main points about this question, which we’ll break down in detail.

More targeted and higher value ransoms demands

Ransomware cybercriminal gangs and markets have made adjustments to their original ransom demands and found a near limitless demand for targeted ransomware, enabling them to up their extortion demands. They were also helped by more effective ways to deliver their payloads, encrypt data, receive payments, and pressure victims. In 2020, the last year analyzed, many of the top criminal groups earned more than $10M in payouts, and one (REvil) earned $100M. The report walks through these developments and how the gangs got better at what they did and reaped the rewards. 

For example, REvil advertised that they were investing $1M to recruit new hackers, and the group behind Conti ransomware employs more than 70 people on its payroll, which of course is delivered via cryptocurrency. Others have become more full-service vendors, renting out their botnets and creating affiliate programs to expand their reach.

---

Further reading: Changes the ransomware landscape

---

Ransomware groups have also quickly embraced the “double extortion” method of demanding a second payout otherwise the stolen data would be leaked to the dark web.

Failed policy efforts and ineptness around crypto payments

The report mentions several factors: a large number of victims with sub-par security, the lack of any real enforcement in the cryptocurrency space, the difficulty in identifying the specific actors, and the legal patchwork that has enabled these criminals to operate without any real threat across international boundaries.

“Overall, the global nature of the money laundering networks that support cryptocurrency cash-out schemes inhibit the federal government from enforcing effective regulatory regimes cheaply or quickly,” the report states.

And as long as effective cybersecurity efforts remain costly and require continually investments in both staff and protective processes, the criminals will continue to seek out and exploit these softer targets. “Too often, small- to medium-sized organizations must choose between security or affordability,” says the report. 

Unsuccessful, poorly implemented federal legislative efforts

The report calls for implementing three policies:

• Mandated ransom payout reporting to the Cybersecurity and Infrastructure Security Agency within 72 hours of payment. These reports could be anonymous but include necessary details such as the sending and receiving crypto addresses and the payment amount. 
• Congress should establish a tax-relief program for small businesses to incentivize them to implement better cybersecurity practices. 
• Congress should also establish tax credits to small businesses that hire or retain cybersecurity professionals, perhaps modeled on the Work Opportunity Tax Credits. This will provide incentives to develop in-house cybersecurity expertise, and reduce staffing shortages in this critical area.

What’s to be done?

Quoting from the report itself, “It is imperative that policymakers measure success against targeted ransomware in terms of the overall volume of ransomware payments, not just the absence of attacks on high-risk entities. It is time to start investing in a more secure future.” 

To prevent being targeted by ransomware, both individuals and business should keep the following best practices in mind:

• Keep systems updated
• Invest in and make use of reliable security software
• Regularly back up files

---

Further reading:
Ransomware: A billion-dollar problem
1 in 3 small businesses is clueless about ransomware