Have you ever felt the fear of having your personal information shared in the increasingly volatile virtual space? What would you do to prevent some of this information from leaking? If you are like most people, then chances are you would be willing to pay anything you can afford to avoid embarrassment and exposure that such an event would bring. In other words, you would be open to ransomware.
In many ways, ransomware has increasingly grown into being a threat to national and international security. In recent years, cybercriminals have escalated their attacks on critical IT and government agencies, necessitating the need for cybersecurity officials to put in place the needed ransomware protections to not only avoid losses but also ensure that people do not miss the critical services they need. Various sectors are affected in different ways as displayed in the graph below.
Adapted from Verizon Data Breach Report, 2015.
For many people, there are services that are almost a part of them. Their daily lives are intertwined with these activities and services. Services like telecommunications, healthcare, power services, water and transport are so essential to many people in terms of the services they provide and the people they employ both within the government and in the private sector. It is little wonder then that ransomware often targets critical infrastructures and end up fleecing the organizations for services to be restored.
Ransomware on a Global Scale
It is important to admit from the outset that the nature of ransomware has been complicated by the globalization of the worldwide web and the increased ability of cybercriminals to stage ransomware attacks from anywhere in the world provided that they have access to the infrastructure they need to launch these attacks.
What makes this situation even scarier is the thought that for even while one government may be quite committed to weeding out the ransomware and fighting the online criminals; it is not always true that a country may have extradition agreements with all nations that are used as launch pads to the cyber-attacks.
Operating in Anonymity
Ransomware is a cause of worry to any organization that deals with confidential information or whose equipment includes trade secrets and confidential agreements. Organizations like healthcare and telecommunications contain confidential information that governments or even the private organizations themselves would not want the criminals to leak. With their increasing boldness, ransomware criminals are demanding higher ransoms and blackmailing organizations into giving payments or face the risk of having their sensitive information already stolen from the organizations leaked by the criminals.
The complication with this is that these efforts are not only led by sophisticated criminal gangs but also private entities that have the skills needed to navigate the dark underworld of ransomware certain that they would never be caught. While handling organizations would be easier, detecting individual entities makes the fight even more difficult.
Ransomware Beyond Computers
When many people hear of the term ransomware, they immediately associate it with the compromises that go on with computer systems. In reality, ransomware has impacts that go much more beyond computers. Mitigating its effects therefore ought to go beyond looking at the IT departments alone, but the overall impacts that it has on the entire business.
In recent weeks for example, a cyber-attack has interfered with energy supply in several regions across the United States. In recent years too, ransomware has increasingly targeted healthcare organizations too. Some very popular ones like the United Kingdom’s National Health Service (NHS) have been victims of ransomware attacks prompting not only huge losses following the slowing down of IT systems but also interruption of services through appointment cancellations and turning away of patients who sought treatment (Collier, 2017). The ransom paid to the organizations has been increasing over the years evidenced by the statistics below.
Source: https://phoenixnap.com/blog/ransomware-statistics-facts
A number of reports have indicated that to fight ransomware conclusively, then the fight has to be taken to their doorsteps. By crippling their own ability to organize, mobilize and disrupt critical infrastructure, they would in effect be phased out gradually. However, this proposal is countered by the fact that some ransomware groups are selling their skills to foreign governments, making some states the official sponsors of ransomware activities. Fighting such gangs then become near impossible.
For many illegal groups and skilled individual cybercriminals, ransomware is a lucrative business. Their possession of private information means that they can always blackmail organizations into repeated episodes of paying ransom. Ransomware has placed many lives in danger by the sheer access to confidential data and the slowing down of critical services. To defeat it would be a victory for both technology and people of good will.
References
Collier, R. (2017). NHS ransomware attack spreads worldwide.