In 2020, ransomware caused businesses an estimated $20 billion in losses worldwide. Those losses were a substantial increase from 2019 when ransomware caused $11.5 billion in business losses. Not only is the ransomware scourge growing, but cybercriminals are also increasingly attacking smaller and smaller companies, often because they have less security in place.
Last week, a multi-industry Ransomware Task Force issued a long-anticipated, extensive report regarding how to deal with the ever-increasing threat that ransomware is posing to businesses, and in turn, the global economy. Due to the broad composition of the task force, the report recommends addressing ransomware holistically and from a number of different angles; below you will find several highlights from this report. All companies, regardless of size, are strongly encouraged to work with outside counsel and forensic consultants to prepare for the ransomware threat.
The Payment Problem
The biggest challenge with ransomware is that victims are making the problem worse. That is, the more payments that the criminals receive, the more resources they can afford to contribute to their operations. While the report does not recommend making ransom payments illegal, it recommends that they be discouraged, if possible. For example, it recommends requiring companies to assess all options before paying ransom and creating a fund to help those companies who choose not to pay. It also recommends that the payments be discouraged by enacting laws that impose stricter regulations on cryptocurrency.
In addition, it urges insurers who end up paying ransom to aggressively assert their subrogation rights and pursue the cybercriminals. One suggestion is for the insurance companies to collectively create a subrogation fund to evaluate and develop strategies to recoup their ransomware losses and to work with law enforcement. That could prove crucial as cybercriminals are increasingly attacking companies that they know have cyber insurance. Those efforts, as well as insurance companies more frequently requiring their insureds to adopt stronger protections and protocols, should help curb the ransomware epidemic.
The Safe Havens
As ransomware has become more and more lucrative, additional countries have been willing to act as safe havens for the ransomware criminal enterprises. To deal with that problem, the report recommends a few potential tactics, including exerting collective international pressure on countries who refuse the extradition of cybercriminals. It urges global cooperation regarding intelligence techniques and efforts to find and root out ransomware operations. A global problem demands a global response. Additionally, it calls for offering rewards to those who tip off authorities regarding ransomware enterprises. That could disincentivize countries currently acting as safe havens from continuing to do so.
A Holistic Approach
As there is no one solution to combating ransomware, a holistic approach to the problem dominates the report. Other suggestions to combat ransomware include the following:
- Encouraging companies to voluntarily share information regarding ransomware threats and attacks;
- Encouraging companies to strengthen protections and protocols through tax breaks;
- Public campaigns to educate companies regarding ransomware;
- Creating a standard practice for reporting ransomware attacks;
- Creating an extensive incident response network;
- Mandating that ransomware payments be publicly reported; and
- Tracking ransomware payments through cryptocurrency exchanges.
As you can see, the Ransomware Task Force recommends a holistic strategy to deal with the burgeoning ransomware threat. While this article was not intended to be an extensive review of all the strategies contained in the report, you should at least know the basics so you can prepare your business for the inevitable changes that may be coming.
What can businesses do to prepare? The first step is to have an internal risk discussion about potential ransomware threats, i.e., how is your electronic data stored, how is it protected, and what are the vulnerabilities? Next, you should create an incident response plan so you are prepared if a ransomware attack does take place. The plan should be more than theoretical. It should be routinely reviewed, practiced, and updated as the ransomware threat evolves. If you do not already have it, you should also obtain cyber liability insurance. If an attack does occur, you should work closely with your insurance carrier and go over all possible viable options other than paying the ransom.