Excerpt from Financial Times Article – Published on Sep 11, 2023
The ransomware industry has undergone a remarkable evolution, transforming into a complex supply chain that often operates beyond the reach of Western governments. A recent assessment by the UK’s National Cyber Security Centre, a part of GCHQ, and the National Crime Agency (NCA) reveals a concerning state of affairs. A decade after the advent of Cryptolocker, one of the first major ransomware attacks, the industry continues to thrive, exploiting the weak cybersecurity measures of businesses worldwide.
Ransomware criminals have capitalized on vulnerabilities and software weaknesses, creating a network of supply and demand for illicit access to compromised businesses. They’ve even developed franchises, allowing less-skilled individuals to participate in this lucrative criminal enterprise. Marketplaces have emerged, facilitating the trade of access to compromised entities.
One significant challenge in combating ransomware is the reluctance of certain jurisdictions, including Russia, Belarus, and other former Soviet Union countries, to crack down on these criminal activities. Ransomware operators have also been detected in regions like southeast Asia, India, and West Africa, adding to the complexity of international efforts to combat them.
James Babbage, a director at the NCA, acknowledges the difficulties in achieving traditional criminal justice outcomes against ransomware actors based in uncooperative jurisdictions. Instead, countries like the US and UK have resorted to technical means to disrupt criminal operations and impose sanctions on those responsible.
The assessment highlights that businesses could have mitigated many of these threats by improving their “cyber hygiene.” Simple measures such as implementing multi-factor authentication and ensuring strong passwords can significantly reduce vulnerability to ransomware attacks. Authorities have had some success in confiscating bitcoin wallets used by ransomware perpetrators, hampering their ability to make payments. However, many ransom payments are made secretly in cryptocurrency, making them nearly impossible to trace.
Estimates suggest that the ransomware industry has become a multibillion-dollar business. For instance, the Conti gang reportedly made over $180 million in 2021, including significant sums from UK businesses. High-profile incidents like the Colonial Pipeline attack in May 2021, which disrupted oil prices and operations for weeks, underscore the severe impact of ransomware on businesses. Yet, such attacks occur daily, targeting companies primarily in Western countries.
While authorities have improved their detection capabilities, cybercriminals remain ahead in terms of efficiency and speed. Recent data from cybersecurity company Sophos reveals that criminals can steal data in less than a day, while it takes authorities an average of five days to detect their presence on a network, down from eight days in 2022.
Sophos’s Chester Wisniewski notes a concerning trend: the increasing mechanization and professionalization among ransomware criminals. They not only act swiftly but also strategically target critical assets. As the ransomware threat continues to evolve, governments, businesses, and individuals must remain vigilant and adapt their cybersecurity measures accordingly to safeguard against this persistent and growing menace.
To delve deeper into this topic, please read the full article in the Financial Times.