In recent years, ransomware has increasingly appeared in headlines. Just this past summer, the largest fuel pipeline company in the US, the Irish Health Service and the Swedish supermarket chain Coop were afflicted by ransomware. Ransomware is a malicious type of cyberattack which aims to encrypt the victim’s files and demand a ransom—a specific sum of money—in return for restoring access to the files. Many of these types of attacks are targeted at unlucky individuals who click on a suspicious link in an email, but a growing number of corporate and state actors have been victims of ransomware. Many of these recent victims are responsible for maintaining our 21st-century infrastructure. Is it time the world wakes up to the threat of ransomware?
The short answer: Yes.
Ransomware is not just a national security issue; these types of attacks demand prompt attention from the international community. As the global economy is more interlinked than ever, if a business falls victim to ransomware, its clients are affected regardless of their location. When a big multinational is targeted, a single attack could have a shockingly wide reach.
Sweden experienced this first-hand when the supermarket chain Coop had to close over 800 stores in the country for days due to a ransomware attack targeting Florida-based IT company Kaseya. Coop itself wasn’t a direct customer of Kaseya, but a customer of a company that Kaseya provided a network for. In fact, altogether, the attack disrupted the activities of approximately 1500 organisations globally. This demonstrates the scale of impact one ransomware attack could end up having. An attack on one organisation threatens to affect a large network of other indirect victims. Things get especially serious if one of these organisations or businesses deals with matters of public security or safety.
Before discussing the possible motives or implications of such attacks, let’s look more closely at what ransomware is exactly, who is targeted, and who is behind such attacks.
Ransomware is a type of malware (software designed to cause damage), which aims to encrypt victims’ files and thus make those files, and any systems or services that rely on them, unusable. Sometimes, the attackers also threaten to release or spread confidential information stored in such files. The attackers then give the victim an ultimatum: to pay a hefty sum in return for the decryption key that would restore their access to the files.
According to a report by Palo Alto Networks, a US cybersecurity company, the average ransom paid in a single ransomware incident in 2020 was $312,493—a 171% increase compared to the preceding year. Ransomware criminals are making more money than ever. And the figures are on the rise.
The Colonial Pipeline system is responsible for 45% of the fuel supply in the eastern United States. After being targeted by a ransomware attack last May, the company was strong-armed into paying 4.4 million dollars in ransom to the criminals behind the attack. Apparently, the malware reached the company’s systems through a VPN used by its employees working from home. The Guardian suggests that, through similar systems, working from home during the pandemic has opened new doors to criminal groups.
Alongside energy and food suppliers, healthcare systems have been targets of ransomware in recent years.
In July, the Russian cyber-criminal group Conti demanded 20 million dollars in ransom from the Irish Health Service (HSE). The disruptions in HSE systems led to thousands of patients, including cancer patients, experiencing delays in their treatments and appointments. Conti eventually gave out the decryption key for free, but regardless, the target and impact of the attack prove the maliciousness of ransomware.
Similarly, in 2017, when the WannaCry ransomware attack disrupted the systems and services of the NHS, at least 6 900 patients had appointments cancelled and ambulances were diverted from the hospitals. The attack had, at the time, the widest and fastest spread of any cyberattack to date. Interestingly, the demanded ransom was only 300 dollars, indicating that the motive was to cause chaos and disruption rather than financial gain.
According to the Guardian, all of the major ransomware attacks threatening public safety this year have been linked to cybercriminal gangs located in Russia, indicating that the country is offering a safe haven for the operations of such gangs. The issue has made politicians in the US, the UK and the EU raise their voices and rush to improve cybersecurity responses. Ransomware and Russia’s role in providing operating grounds for criminals were allegedly discussed between the US president Joe Biden and the Russian president Vladimir Putin during the Geneva summit discussions in June, as well as later on during a phone call between the two presidents.
However, the two governments seem to hold differing views on the nature of these talks as well as on Russia’s involvement in the issue.
As our economies are increasingly globally interlinked (especially when it comes to online services), it is clear that neither the response nor the solution to the issue can be unilateral. If the victim of a ransomware attack happens to be a company in the US, the effects of the cyberattack can be felt across the globe. Public safety is not protected by borders when the target is a large multinational with clients all over the world.
Cybercrime transcends borders much faster than any other form of criminality. No country can or should deal with it by itself. Therefore, ransomware requires attention on the international level. Multilateral negotiations and regulations are urgently required to stop the expansion of cybercriminal groups and their activities. Additionally, an open exchange of skills and knowledge will be essential in building a globally strong defence against such criminal actors. As threats to public safety have moved online, they pose a new challenge to international cooperation on “national defence”. Only time will tell how wisely global leaders will rise to this challenge.