The Complexities of Ransomware Attacks

Businesses around the globe are turning digital, causing the cybersecurity landscape to change rapidly.  In recent years, new threats and trends become increasingly prevalent, and ransomware continues to be a significant threat.

Why is it called a “ransomware”?

Ransomware has earned its name from the extortionate nature of the malware designed to block access to a computer system or file, until a sum of money is paid to the attacker, or for other non-financial motivations.  Cybercriminals often target businesses, critical infrastructure or even individuals, demanding the victims to satisfy their motives in exchange for decrypting or restoring access to the compromised computer system or data.

Due to the significant consequences usually following the ransomware attacks such as data loss, financial damage and operational disruptions, the creation, distribution and use of ransomware are illegal in many countries, including the United Kingdom.  The specific types of ransomwares may vary, but they generally fall under broader categories of cybercrime legislation, forming a network of local protection.  The primary legislation relating computer misuse and cybercrime is Computer Misuse Act 1990, coming into force more than 30 years ago.  Under this Act, deploying ransomware for unauthorised access to computer systems for the purpose of ransom, and other related activities are criminal offences with significant legal consequences including fines and imprisonment.

So, are local laws and regulations sufficient to offer protection against ransomware attacks?

While there is a local framework of legislation available to address to cybercrimes conducted locally, the global nature of this cybercrime attack (like most of them) often originate from international sources where criminals operate from countries with weaker or non-existent cybercrime legislations, rendering tracking and apprehension of perpetrators cumbersome.  Identifying true culprits behind a ransomware is always not straightforward, even when Interpol, or the International Criminal Police Organisation, is involved because of the level of sophistication and rapid evolvement of the attackers’ techniques to disguise their identities. Ransoms involving financial motivations are typically demanded in cryptocurrencies offering a high degree of anonymity and the currency is decentralised in nature (meaning the currency is not owned, managed or controlled by any central banks).

Common situations which make victims see ransom payment as the only viable option:

• Files are critical for personal, or business reasons and they need to regain access to the files quickly.

• Impossibility or difficulty to recover lost files without paying the ransom.

• Permanent loss of valuable data resulting in a damage to personal or business reputation.

• Cost of recovery of data or information outweighs the ransom payment.

• Time consuming in the data or information recovery process – hiring of cybersecurity experts, implementation of security measures and potential business downtime during the recovery process.

Even though ransom payment is seen as a quick fix to ransomware, victims must be aware that payment does not guarantee the recovery of data and information and is likely to increase their chances of being targeted by the cybercriminals again for financial incentives.  At the moment, there is no single or simple solution to ransomware attacks, and individuals and organisations are recommended to focus on prevention, prepare for recovery through secure backup strategies and install robust cybersecurity measures.

Because ransomware, like most other cyber threats transcends national borders, the fight against ransomware requires close collaboration between governments through continuous improvement in technology, intelligence sharing, and the development of international legal framework.  Today, Interpol remains the primary inter-governmental organisation with law enforcement powers to combat all types of crimes, including cybercrimes, but internationally, the demand for skilled cybersecurity professionals continue to outpace the supply.