Interpol secretary general warns of 'ransomware pandemic' and calls for combined action
According to Jürgen Stock, the best way to disrupt these attacks is to adopt the method of international collaboration used to fight terrorism, human trafficking and organized crime
Cybertech
| 14/07/2021
Interpol Secretary General Jürgen Stock. Photo: REUTERS/Charles Platiau
The secretary general of Interpol, Jürgen Stock, has called on police agencies around the world to form a global coalition with business companies in order to prevent a pandemic of ransomware attacks. At a forum of senior Interpol officials held Monday, Stock said that although there are currently solutions at the national or bilateral level, the best way to actively prevent and disrupt ransomware attacks is to adopt the same methods of international collaboration used to fight terrorism, human trafficking and organized crime.
During the meeting, the senior officials discussed the growth of cyberattacks in general and ransomware attacks in particular, with a focus on the increasing sophistication of the malicious ecosystem, and on the new business model of cybercriminals, Ransomware as a Service (RaaS). In the RaaS model, the malicious actors supply the infrastructure needed to carry out ransomware attacks, including a payment portal (using some type of cryptocurrency, most commonly Bitcoin), in exchange for a cut of the profits.
“Despite the severity of their crimes, ransomware criminals are continuously adapting their tactics, operating free of borders and with near impunity,” said Stock. “Much like the pandemic it exploits, ransomware is evolving into different variants, delivering high financial profits to criminals. Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which Interpol can uniquely facilitate as a neutral and trusted global partner."
The Interpol website cites statistics from Chainalysis and Palo Alto Networks that the profits from ransomware attacks in 2020 reached about $350 million, a growth of 311% from the previous year. The average ransom payment increased 171% during this period. Interpol set up a special project, Project Gateway, in which it cooperates with private entities and receives threat data directly, makes efforts to prevent attacks by raising awareness on the issue, and provides emergency support and continuous support following attacks.
It is interesting to note that the malicious actors eventually make contact with law enforcement authorities via mediators. Thus, for example, the cyber news website Bleeping Computer takes part in Project Gateway. Also, cybercriminals often contact the website's staff in order to send messages, and even decryption keys, to victims. For example, last month the Avaddon ransomware group shut down its operations and released the keys via an e-mail to a reporter from the website.
Meanwhile, a recent large-scale ransomware attack that has yet to end involves the malicious group Revil, estimated to be operating from Russian territory, which hit about 1,500 global customers using the software of American company Kaseya. The company announced that it has fixed the breach but the attackers are still demanding $70 million for the data that they stole.
According to Jürgen Stock, the best way to disrupt these attacks is to adopt the method of international collaboration used to fight terrorism, human trafficking and organized crime
Interpol Secretary General Jürgen Stock. Photo: REUTERS/Charles Platiau
The secretary general of Interpol, Jürgen Stock, has called on police agencies around the world to form a global coalition with business companies in order to prevent a pandemic of ransomware attacks. At a forum of senior Interpol officials held Monday, Stock said that although there are currently solutions at the national or bilateral level, the best way to actively prevent and disrupt ransomware attacks is to adopt the same methods of international collaboration used to fight terrorism, human trafficking and organized crime.
During the meeting, the senior officials discussed the growth of cyberattacks in general and ransomware attacks in particular, with a focus on the increasing sophistication of the malicious ecosystem, and on the new business model of cybercriminals, Ransomware as a Service (RaaS). In the RaaS model, the malicious actors supply the infrastructure needed to carry out ransomware attacks, including a payment portal (using some type of cryptocurrency, most commonly Bitcoin), in exchange for a cut of the profits.
“Despite the severity of their crimes, ransomware criminals are continuously adapting their tactics, operating free of borders and with near impunity,” said Stock. “Much like the pandemic it exploits, ransomware is evolving into different variants, delivering high financial profits to criminals. Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which Interpol can uniquely facilitate as a neutral and trusted global partner."
The Interpol website cites statistics from Chainalysis and Palo Alto Networks that the profits from ransomware attacks in 2020 reached about $350 million, a growth of 311% from the previous year. The average ransom payment increased 171% during this period. Interpol set up a special project, Project Gateway, in which it cooperates with private entities and receives threat data directly, makes efforts to prevent attacks by raising awareness on the issue, and provides emergency support and continuous support following attacks.
It is interesting to note that the malicious actors eventually make contact with law enforcement authorities via mediators. Thus, for example, the cyber news website Bleeping Computer takes part in Project Gateway. Also, cybercriminals often contact the website's staff in order to send messages, and even decryption keys, to victims. For example, last month the Avaddon ransomware group shut down its operations and released the keys via an e-mail to a reporter from the website.
Meanwhile, a recent large-scale ransomware attack that has yet to end involves the malicious group Revil, estimated to be operating from Russian territory, which hit about 1,500 global customers using the software of American company Kaseya. The company announced that it has fixed the breach but the attackers are still demanding $70 million for the data that they stole.
