EXECUTIVE SUMMARY:

Cyber security experts and federal authorities perceive ransomware as a deeply concerning national security threat. Should federal police pursue ransomware gangs with the same fervor and pace as they do with other criminal syndicates?

In 2020, research showed a 7-fold increase in ransomware attacks, as compared to 2019.  Initially, ransomware began as a “low-level” cyber nuisance. Nowadays, it represents a massive and punishing threat to organizations worldwide.

Ransomware gangs aim to extort significant sums of money from their victims. Billions have been lost by both public and private sector companies. In at least one instance, ransomware has led to loss of life.

Experts worry about ransomware’s potential to ensnare public infrastructure. Could a ransomware attack on the grid prevent Americans from keeping warm during the most frigid winter nights? And could that lead to mass casualties?

“It’s risen to the level of a national security threat. And when that is understood and accepted, that means you can shift priorities, for instance, within the intelligence community or within law enforcement,” says Philip Reiner, CEO of the Institute for Security and Technology, a cyber security focused non-profit.

Former director of international cyber policy on the NSC, Megan Stifel, stated that additional action is necessary across multiple legal and political channels. The private sector also has a role to play in curbing the ransomware threat.

“In some cases, that may be practical tools, but in others, it is going to require policy adjustment,” stated Stifel.

Ransomware recovery news

On Thursday, an American working group reappraised how the United States combats ransomware. The working group consisted of dozens of members from cyber security non-profits and major technology companies. Representatives from the Department of Homeland Security, the US Secret Service and the Federal Bureau of Investigation also participated in the conversation.

The intent is to aggressively pursue ransomware gangs. In relation to the ransomware threat, Homeland Security Secretary, Alejandro Mayorkas, declared “Those behind these malicious activities should be held accountable for their actions. That includes governments that do not use the full extent of their authority to stop the culprits”.

The US Justice Department has developed a parallel task force that will investigate the connections between cyber criminals, nation-states and ransomware’s proliferation.

Does the punishment fit the crime?

Recommendations from Thursday’s working group meeting include expanding the Racketeering Influenced and Corrupt Organizations Act. In addition to levying the penalties associated with this act on cyber criminals, the US may also wish to deny visas and apply political pressure on international government groups. If these initiatives appear to lack some muscle, part of the challenge is that ransomware gangs commonly operate in regions with which the US does not have extradition agreements.

The proposals also included tighter regulations around cryptocurrency, as some forms of digital payments are virtually untraceable.

Would legally requiring firms to evaluate all other options ahead of paying a ransom potentially help? Fewer payments would mean that ransomware would be less profitable for criminals. The idea is on the table.

“Business as usual is not going to work”, stated a co-chair of the working group, and CEO of the Cyber Threat Alliance non-profit, Michael Daniel. “We really need to think about how we can do this differently and what we can change that would actually affect the ransomware ecosystem”. A “ransomware recovery” for the US is possible; navigating this new terrain may take time.

For more on this story, visit The Wall Street Journal.