As the ransomware economy booms and the threat continues to grow, Claroty’s Leon Poggioli calls for more transparency in how we respond to cyber attacks.
Ransomware has become so professionalised that, as of 2023, it is a US$1 billion industry, and that figure counts only the cases that are reported. Anecdotal evidence suggests this is just the tip of the iceberg, with many ransom payments going unreported.
Given ransomware is now a fully-fledged organised criminal enterprise, complete with customer service departments helping organisations buy bitcoin to pay ransoms, we can only expect the extortive industry to continue to grow. Hackers will follow the money and profit by draining the resources of legitimate businesses with employees, shareholders, and customers. Now more than ever is the time for those on the side of good to unite against this enemy, making ransomware less profitable and starving the industry of resources, allowing businesses to thrive, invest, and create more jobs.
In Australia, there is ongoing debate around whether to make ransomware payments illegal, which has the potential unintended consequence of driving this activity underground, making it more difficult to learn from. This would make it harder to protect Australian organisations and result in more business revenue ending up in the pockets of organised crime operators.
Australia’s 2023–30 cyber strategy takes a sensible approach to ransomware, creating a task force to protect Australian businesses and co-designing options (with industry) for a no-fault, no-liability ransomware reporting obligation. A well-structured model such as this should provide maximum information for the Department of Home Affairs to help protect other organisations from being targeted, without creating incentives for businesses to pay ransoms while not reporting what occurred.
Typically, the business decision around whether to pay a ransom is based on the impact of the encrypted data. However, in the world of critical infrastructure, human lives can be at stake, either for employees working with the affected systems or for the general public who rely on essential services – such as water and power – which may be impacted by a ransomware outbreak.
The new cyber security act would force businesses to disclose when they pay the ransom to an attacker. Provided this is used as a way for key authorities to help protect other businesses from falling victim, this should help realise Australia’s vision of leading the world in terms of cyber safety.
Industry research indicates how prevalent ransomware is among industrial organisations. Based on research conducted late last year, 75 per cent of industrial organisations suffered a ransomware attack in the prior 12 months.
Twenty-two per cent of these attacks had a “severe” or “extreme” impact on operations, and as operational technology networks become more digitised, the potential impact of ransomware in these systems is only expected to grow, causing safety impacts and flow-on effects disrupting supply chains.
By building a culture of transparency and a legislative framework that doesn’t penalise organisations for sharing information to help us thwart ransomware operators, we can unite as a force for good and conquer this blight on the global digital economy.