Ransomware knows nary borders. An lawyer with cybersecurity expertise suggests the lone mode to halt ransomware is for nations to make a planetary solution.
Ransomware has grown beyond a cybersecurity menace into a planetary menace. Fredric Bellamy, an lawyer astatine Dickinson Wright with acquisition successful intellectual-property litigation arsenic good arsenic information privateness and cybersecurity law, believes it is clip to instigate planetary laws authorizing nations to enforce authoritarian responses successful bid to decision cybercriminals and ransomware.
No idiosyncratic oregon enactment is immune to ransomware
Ransomware is not picky–businesses and governments of each sizes and constitution are being victimized by it. "And their customers, proviso chains and citizens are besides being affected," said Bellamy successful an email interview. "From market stores incapable to merchantability food, unit astatine hospitals and aesculapian offices incapable to entree diligent records, and disrupted metropolis services, ransomware is simply a immense and increasing menace, not lone for those whose machine systems are paralyzed but besides for downstream victims."
The ransomware menace is increasing
The fig of palmy ransomware attacks is increasing by leaps and bounds; Bellamy adjacent takes a hard look astatine why.
Capability increases with success: It's elemental actually–making immense amounts of wealth let cybercriminals to:
- Purchase amended reconnaissance.
- Pay much for zero-day exploits and methodology to sabotage systems.
- Obtain blase endowment that specializes successful antithetic aspects of ransomware.
Availability of cryptocurrency: The ubiquity and convenience of bitcoin and cryptocurrency exchanges alteration cybercriminals to extort ransoms that are harder to hint than accepted government-issued currencies.
Asymmetry of hazard and reward: Again, it's each astir money. "Ransomware is accelerating due to the fact that criminals are getting rich, and the risks of getting caught and prosecuted are low," explained Bellamy.
To wage oregon not to wage the ransom?
Most governments counsel against paying ransoms. "The U.S. authorities advises individuals and businesses alike not to wage ransoms to criminals, and adjacent warns that payments to state-sponsored groups nether planetary sanctions whitethorn beryllium illegal," stated Bellamy. "Yet the government's quality to constabulary against ransomware is problematic astatine best, leaving everything from nutrient to gasoline supplies and transportation of aesculapian and dental services astatine risk."
What astir ransomware insurance?
Bellamy does not mince words. "Suggesting that defeating ransomware is simply a substance of champion cybersecurity practices rings hollow successful a satellite successful which blase businesses that instrumentality cybersecurity seriously—such arsenic exertion arsenic good arsenic security companies—have been victimized by ransomware attacks," added Bellamy.
That said, Bellamy besides believes it is inactive important to punctual businesses and governments to employment cybersecurity champion practices but suggests ransomware security is counterproductive. "Ransomware security is not the reply to the problem," wrote Bellamy. "That benignant of security whitethorn beforehand the maturation of ransomware by making it adjacent much predictably profitable and professionalizing it."
Ransomware is simply a signifier of modern piracy
Interestingly, Bellamy considers ransomware to beryllium the modern equivalent of piracy connected the precocious seas. "Historically, pirates roamed the seas attacking ships for profit," writes Bellamy. "Like cybercriminals, the sea-going pirates were often sponsored, oregon astatine slightest tolerated by federation states."
Like those engaged successful the dispersed of ransomware, sea-going pirates had an asymmetry of hazard and reward. They were precise palmy astatine their trade–in particular, kidnapping citizens for ransom portion seldom facing prosecution. What yet stopped sea-going piracy was strict planetary enforcement and the imposition of terrible penalties connected the offenders.
Bellamy is not the lone 1 comparing cybercriminals who absorption connected ransomware to sea-going pirates of old. He refers to Noah Feldman's Bloomberg Opinion article Big Cyberattacks Should Be Handled by Nations, Not Lawyers (published May 13, 2021), which includes this passage:
"How piracy went from menacing seaborne menace to charming comic opera implicit the people of the 19th period should springiness policymakers immoderate hint astir however to forestall attacks by cyber pirates, similar the ransomware onslaught that crippled the Colonial Pipeline this week."
Why planetary practice is needed to combat ransomware
Bellamy is adamant it's clip to halt blaming businesses for their inability to support themselves adequately against ransomware and admit that this is an planetary situation requiring the diplomatic efforts of nationalist leaders to enactment toward a planetary solution.
"Nations request to enactment retired planetary agreements for prosecuting cyber pirates based connected cosmopolitan jurisdiction, readily-shared information, cooperative prosecution, and astir critically, planetary sanctions against rogue nations that harbor cyber pirates," advised Bellamy. "Piracy needs to alteration from a lucrative and low-risk signifier of organized transgression to a top-priority absorption of planetary government-level negotiations to get astatine tough, workable solutions."
What Bellamy is asking for seems immensely difficult, but humankind has a wont of rising to the occasion.
Cybersecurity Insider Newsletter
Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and ThursdaysSign up today
- Top 5 much things to cognize astir ransomware (TechRepublic)
- Kaseya attack: How ransomware attacks are similar startups and what we request to bash astir that (TechRepublic)
- Ransomware attackers are increasing bolder and utilizing caller extortion methods (TechRepublic)
- How to forestall ransomware attacks with a zero-trust information model (TechRepublic)
- How to go a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- White House urges mayors to conscionable with authorities cybersecurity officials connected ransomware (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)