41. Behind the rise of ransomware
- Author:
- John Sakellariadis
- Publication Date:
- 08-2022
- Content Type:
- Policy Brief
- Institution:
- Atlantic Council
- Abstract:
- This issue brief investigates the drivers of the ransomware surge that menaced the United States in the summer of 2021, explains why these attacks remain a persistent threat today, and offers recommendations for mitigating the problem in the future. The 2021 surge in ransomware activity stems from a change in how criminals launch ransomware attacks. Between 2016 and 2019, cybercriminals shifted away from automated ransomware campaigns that emphasized scale to targeted extortion operations against organizations and established businesses. This adaptation made ransomware more disruptive and more profitable, eventually attracting the attention of well-organized cybercrime gangs. The intensification of the ransomware epidemic from that point until the attack on Colonial Pipeline resulted from the growing adoption of this new extortion model among criminals. Though the US government has devoted more attention to ransomware over the ensuing months, ransomware remains a significant and long-term threat to the US economy. Three factors drive the persistence of the problem: the presence of a vast pool of security-poor organizations, the availability of a poorly regulated monetization pipeline in the form of cryptocurrency, and criminals’ ability to evade law enforcement by exploiting jurisdictional boundaries. Mitigating just one of these conditions, let alone all three, will demand years of sustained effort. Because the US government cannot eliminate ransomware overnight, it must begin planning how to manage the problem over the long term. To do so, it should start by investing in new efforts to improve the defenses of small- to medium-sized entities. The ease of compromising these organizations has been key to fueling the appetite for ransomware attacks. Yet, many of these organizations lack the personnel, incentives, and contracting power to secure their own networks. Moreover, the US government should require all US-based organizations to report ransomware payments to the government and publish quarterly reports with anonymized versions of the data. Comprehensive payment transparency offers the best way to measure success against ransomware over the long term. It will ensure that success against targeted ransomware is judged in terms of the overall volume of ransomware payments, not just the absence of attacks on high-risk or high-profile entities.
- Topic:
- Science and Technology, Cybersecurity, and Ransomware
- Political Geography:
- North America and United States of America