Can The US-Led Multinational Counterattack Stop Ransomware’s Gold Rush?
By Camellia Chan, CEO & founder of Flexxon
I was honored to be one of the representatives from 36 nations, the EU, and private sector companies who convened October 31-November 1 for the Second International Counter Ransomware Initiative (CRI) Summit at the White House. The borderless nature of ransomware threats demands close cooperation among nations to fortify against opponents whose threats are as dangerous as physical aggression. United States ransomware payments set a record in 2021, with almost 1,500 filings valued at a total of nearly $1.2 billion, a 188% increase from 2020. The US spearheaded the CRI, with express objectives of increasing “the resilience of all CRI partners, disrupt cyber criminals, counter illicit finance, build private sector partnerships, and cooperate globally to address this challenge.”
I participated in the capacity of a private sector organization as a part of the Singapore delegation, which is charged with overseeing the CRI focus area of countering illicit finance together with the UK. The dialogues that have taken place over the first two years are an indispensable first step in making inroads in a war of attrition against formidable cyber criminals from around the world. But make no mistake, the CRI was not only about talking about the problem. The international cooperative took concrete actions to protect citizens, corporations, and governments from these unrelenting forces. The CRI’s efforts to establish open lines of communication and collective action are a significant step forward, but we must next look toward setting agreed-upon international standards through the contributions of each member organization before a more tangible impact can be seen.
A global, long-term battle of attrition against ransomware criminals
At the summit CRI partners made concrete commitments, including but not limited to initiatives like biannual counter ransomware exercises, coordination of priority targets through a single framework, and delivering an investigator’s toolkit. The important thing is that everyone focused on a singular objective through increased intelligence sharing, aligned frameworks and guidelines, and coordination of actions. I am heartened to witness the world’s leaders cooperating on adopting a pragmatic view of the ransomware landscape and acknowledging the ingenuity of cybercrime networks, as well as accepting that we are all engaged in a long-term, ongoing battle of attrition. However, the conversations were still centered in a traditional mindset toward cybersecurity, which may leave gaps in a less than holistic strategy. To provide the best possible chance of thwarting ransomware attacks, it is imperative that we integrate our best defenses by also including the physical computing layer, moving to a more holistic protocol. In the last two years, cybersecurity software continued to be reactive, and thus allowed hackers to conduct their activities largely unchecked. Once cybercriminals have gained access to organizations’ systems or their valuable data, it is too late to remedy the situation. Thus, tremendous volumes of ransoms were remitted, estimated to cost $20 billion worldwide.
Combatting a borderless threat to national security
A global problem that transcends borders must be addressed with a global yet borderless approach. However, how do we address a global problem that is simultaneously borderless and yet still threatens the national security of many countries? According to reports, Russia-related variants accounted for about 75%, or 594, of the 793 incidents reported during the second half of 2021. Beyond the payment outcome of being held for ransom, nations must also consider what valuable data, information, or goods the hackers are using to hold organizations ransom. We may see more cybercriminals doing the bidding of state actors to stir up political dissent and orchestrate social engineering attacks and confusion.
Cybercriminals cannot be allowed to act without consequence. Thus, crimes occurring in cyberspace should be met with the same severity as those in the physical realm. To that end, I believe the task force’s commitment to pursuing and sanctioning responsible state actors or individuals is wholly correct. For instance, the decision not to provide ransomware actors with safe havens is similar to the treatment of individuals found guilty of other forms of major financial fraud, endangering public safety, and espionage.
Cross-border cooperation is essential and must have a place across the entire cybersecurity life cycle. The governments of all countries must look towards adopting new technologies to plug existing gaps, keeping channels of communication open for greater multi-lateral cooperation, running joint response drills and exercises to sharpen unified incident response capabilities, and critically, fostering greater collaboration between the private and public sectors.
Public sector and private companies partner to mitigate ransomware threats
The average total cost of a ransomware breach in 2021 was $4.6 million. As the prime targets which bear the greatest financial burden of attacks, corporations are in a unique position to supply critical technical intelligence about ransomware. The CRI aims to institute real engagement between governmental organizations and corporations for “trusted information sharing and coordinated action.” CRI participants made commitments to engage in active information-sharing between the public and private sectors, including through new platforms, on actors and tradecraft. Private sector insights into the whereabouts and actions of ransomware actors from across the internet can effectively complement state capabilities in this aspect – enabling an unfettered two-way flow of information between private and public sectors. They also launched plans to develop a capacity-building tool to help countries utilize public-private partnerships to combat ransomware.
The next stage of holistic cybersecurity defense should incorporate hardware and embedded solutions into the overall infrastructure to stop hackers in their tracks in a small, sealed, and fully engineered environment at the data storage level. To continue the momentum, governments can advance comprehensive programs by focusing on supporting research & development, embracing new approaches, championing the swift adoption of new innovations, initiating pilot programs, enabling the ease of acquisitions, and lowering barriers to trade.
Defending an ever-expanding attack surface against ransomware
2021-2022 has proven to be a golden age for ransomware criminals as reports of ransomware attacks ballooned by 62% in 2021 over 2020. The physical layer continues to be overlooked and software cybersecurity solutions continue to struggle to address countless threat variables in the open environment. Criminals have increasingly targeted managed service providers, the software supply chain, and the cloud. The adoption of new technologies has introduced new opportunities to criminals. As the attack surface expands, more individuals work remotely, and Web3 and cryptocurrency rise in prominence, cybercrime rings have evolved to “operate commercially.” In 2022, we have witnessed more ransomware attacks tagged to cryptocurrencies.
Crypto winters and cybercrime summers
We shouldn’t expect that the current crypto winter will deter the criminals from exploiting the blockchain, however. Cryptocurrencies are an asset class, but do not dictate the stability and continued innovation seen in the Web3 space. Cybercriminals will continue to target Web3 blockchain platforms as their user base grows, not only targeting crypto assets but other essential personal information that can be leveraged for ransom. As we are seeing right now, cybercriminals will also shift to other avenues of attack for large impact and payouts – with the same objective as always. They will aim to access and exfiltrate data and hold victims for ransom. They will focus more on critical infrastructure with cyber-physical systems, upon which attacks have quadrupled in the past year.
An important first step in a coordinated counterattack
This year’s second gathering of CRI filled me with optimism about stopping cybercriminals’ bleeding of our resources and robbing us of our security. This is a global work in progress with great potential. Multinational efforts come with exceeding complexity, given nations’ varying legal and regulatory authority that can hinder actionable cooperation. I am gratified that we have taken the first step of developing a universal framework that focuses on thwarting cybercrime for the benefit of all nations and organizations operating within them. In the future, we can work towards fine-tuning the framework to respect the differing governing laws of each jurisdiction.
With the lightning-speed, often undetectable nature of cyber intrusions and level of technological connectedness that society exists in today, ransomware poses an existential threat to governments, businesses, infrastructure, and individuals. Cybercrime is our global fight, and the public and private sectors must combine knowledge, experiences, and insights to achieve a higher level of cyberthreat prevention. I have seen this approach working firsthand in Singapore, where the Cybersecurity Agency of Singapore’s Cyber Safe Partnership Programme collaborates with industry players to develop training modules, products and services, and community outreach to raise awareness and encourage the adoption of good cybersecurity practices. This supports the development and evolution of the country’s foundational cybersecurity toolkit and encourages a healthy ecosystem of cooperation.
About the Author
Camellia Chan is the CEO and founder of X-PHY, a Flexxon brand. Since its inception in 2007, Camellia has grown Flexxon into an international business with a presence in over 50 cities. With Camellia’s passion for innovation and tech for good, Flexxon continues to expand its essential suite of cybersecurity services through its flagship X-PHY brand.
Camellia can be reached online at @XphySecure and at our company website: https://x-phy.com/