The International Criminal Police Organization, Interpol, has called for collaboration between police and industry to prevent a “potential ransomware pandemic”.
Ransomware, though not the most costly cybercrime – that title goes to business email compromise, according to the FBI 2020 figures for victim payments – has hit a nerve with world leaders and law enforcement agencies due to a spate of disruptive, high-stakes ransomware attacks in recent months, including on US critical infrastructure.
“Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action,” said Interpol secretary general Jürgen Stock.
Interpol said the call for more collaboration against ransomware was made in the face of its “exponential growth” in the wider cybercrime ecosystem, with criminals shifting their business model towards providing ransomware as a service.
An attack in June shut down major eastern seaboard fuel distribution network Colonial Pipeline for days. Another attack that month on global meatpacker JBS USA netted its attackers $11 million, and this month’s ransomware supply chain attack on tech firm Kaseya affected the firm’s managed service provider customers and over 1,000 of their customers, including Coop, the fourth largest supermarket chain in Sweden.
According to the newly launched site, Ransomwhere, which tracks payments to ransomware attackers, the most lucrative operation right now is REvil/Sodinokibi – the ransomware-as-a-service platform behind the attacks on JBS and Kaseya.
The group has demanded $70 million to provide Kaseya a universal decryption tool, but this year alone it has grabbed $11.3 million in bitcoin payments.
“Despite the severity of their crimes, ransomware criminals are continuously adapting their tactics, operating free of borders and with near impunity,” said Stock.
“Much like the pandemic it exploits, ransomware is evolving into different variants, delivering high financial profits to criminals,” he added.
US president Joe Biden in recent talks with Russian president Vladimir Putin said critical infrastructure should be “off limits”. The White House press secretary said Biden told Putin that “if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.”
The US stance is that the Russian government is still responsible for cybercriminals operating within its jurisdiction even if the activity is not backed by the Kremlin, which was blamed by the US for the SolarWinds supply chain attack.
Exactly what action the US would take in the absence of a Russian-led clampdown remains to be seen. However, last week, asked whether it would make sense for the US to attack the servers used in ransomware attacks, Biden said, “Yes”, according to Reuters.
Interpol is looking to partner with private sector cybersecurity firms as well as government agencies and CERTs, or computer emergency response teams, to disrupt ransomware gangs.
“Policing needs to harness the insights of the cyber security industry, computer emergency response teams and other agencies to identify and disrupt cyber criminals as part of a true coalition, working together to reduce the global impact of cybercrime,” said Stock.