A global coalition of technology companies and law enforcement bodies is calling for “aggressive and urgent” action against ransomware.
Microsoft, Amazon, the FBI and the UK’s National Crime Agency have joined the Ransomware Task Force (RTF) in giving governments nearly 50 recommendations.
Ransomware gangs are now routinely targeting schools and hospitals.
Hackers use malicious software to scramble and steal an organisation’s computer data.
The RTF has submitted its report to President Biden’s administration.
It argues that “more than just money is at stake” and says that, in just a few years, “ransomware has become a serious national security threat and public health and safety concern”.
RTF co-chair Jen Ellis, from cyber-security company Rapid 7, says: “Citizens are being impacted by this every day. It’s having a huge impact on the economy and the ability for ordinary people to access critical services.
“Not only that but, really distressingly, the funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”
The UK’s National Cyber Security Centre, also a member of the Ransomware Task Force says it handled more than three times as many ransomware incidents in 2020 than in the previous year.
“It felt huge”
“It was a Sunday morning in October last year when I got a call about problems with our IT systems,” says Rob Miller, director of information and communications technology for the London Borough of Hackney.
“It quickly became apparent that it was a serious cyber-attack.
“We had to lock everything down and switch off the internet for all of our systems. We have services running 24/7 for nearly 300,000 residents, and it felt huge and really worrying.
“We knew that there was a huge challenge ahead of us, and the whole council had to pull together across all departments to get key services back up and running as quickly as possible.
“The damage done was really significant with things like housing repairs, benefits payments and land registry all impacted.
“It’s going to be months until we’re fully recovered, and I can’t understand the motivation behind this for the criminals.
“You sit there and look at the impact on local communities especially in a time of a pandemic.
“I can’t imagine anyone who would think it is OK to cause that much damage to services at a time like that. It’s hard to comprehend.”
The secrecy and stigma associated with ransomware attacks makes it extremely difficult to calculate a true picture of the number of attacks and costs.
The FBI says that nearly 2,400 US companies, local governments, healthcare facilities and schools were victims of ransomware in the last year.
RTF researchers confirmed hundreds of major attacks took place around the world last year, including in the UK, Brazil, Germany, South Africa, India, Saudi Arabia and Australia.
Cyber-security company Emsisoft estimates that the true global cost of ransomware, including business interruption and ransom payments in 2020, was a minimum of $42bn (£30bn) and a maximum of nearly $170bn.
A survey by Veritas Technologies found that 66% of victims admitted to paying part or all of the ransom.
The RTF is recommending that governments make it mandatory for victims to report if they do pay criminals.
‘My company was dead’
“I couldn’t believe it when we were hacked,” says Martin Kelterborn, chief executive of Offix Group in Aarburg, Switzerland, which was attacked in May 2019.
“I went into my IT department and the manager was pale and clearly shocked. He told me everything had gone. We watched live as all our product pictures for our websites were encrypted one after the other.
“I had 230 employees coming to me asking what to do. We had tens of thousands of orders, but no computer systems to sort through them.
“At one point me and my boss actually wrote a press release declaring that the company was dead and out of business. They were the worst three weeks of my life.
“The hackers were the Ryuk ransomware gang and they demanded we pay them 45 Bitcoin, which was about half a million dollars.
“Yes we did consider paying, but in the end they actually destroyed so much of our system that we needed to rebuild anyway. Recovering has cost us about the same: half a million dollars.”
The RTF’s other recommendations to governments include:
- designate ransomware attacks as a national security threat
- create a “response and recovery fund” to support ransomware victims and help them recover
- increase regulation of cryptocurrency services
- exert pressure on nations which are complicit, or refuse to take action against domestic ransomware groups
For years cyber-security organisations have alleged that ransomware gangs are operating openly in North Korea, Iran and Russia.
Earlier this month, the US government sanctioned multiple Russian entities saying that the Kremlin “cultivates and co-opts criminal hackers, including the previously designated Evil Corp, enabling them to engage in disruptive ransomware attacks”.
Last week it was reported that the US Department of Justice had formed an internal team to deal with the increased threat of ransomware.