The ransomware battle is shifting — so should our response

The writer is US Deputy National Security Adviser for Cyber and Emerging Technology

Ransomware is wreaking havoc around the world. Earlier this year an attack against a US health insurance giant shut down operations at hospitals and pharmacies for weeks, costing the company a reported $872mn. This does not include the $22mn ransom payment that the company made to a Russia-based gang. On the other side of the world, a ransomware attack shut down the Port of Nagoya — Japan’s busiest port — for two full days.

These cases exemplify the thousands of attacks that are taking place around the world. The contours of battle continue to expand. Companies, from small businesses and auto dealers to hospitals and other critical infrastructure such as ports and water systems, are all coming under threat. Since 2021, the US government alone has identified more than 4,900 ransomware attacks with at least $3.1bn paid out in ransoms.

Not only is this money that could otherwise be spent on salaries, taxes and business development but it is money that is going directly into the hands of criminal enterprises and rogue states. 

If ransomware is a cash cow, cryptocurrencies are its grazing pastures. According to the Financial Action Task Force, most jurisdictions do not comply with international standards for virtual assets. Russia is especially concerning, operating as a safe haven for both ransomware attackers and money laundering crypto exchanges like Bitzlato, Garantex, and PM2BTC. The Russian government has applied pressure to prevent the extradition of cyber criminals apprehended overseas.

Ransomware attacks are also one of the most profitable forms of cyber crime in North Korea’s repertoire. When combined with cyber attacks against cryptocurrency platforms and infrastructure, they form a source of overseas revenue that evades international sanctions and generates more than $3bn.

Addressing these threats requires co-operation via global partnerships. This week, the White House convened 68 member countries, international organisations, and industry leaders for the fourth annual Counter Ransomware Initiative conference in order to explore novel approaches to the problem. 

This organisation has become the most effective and largest international cyber partnership, with members from every corner of the globe. As part of it, the US is launching a fund, comprising industry and member contributions, that will strengthen cyber security capabilities via joint assistance in the wake of a cyber attack. It will provide targeted support to improve skills, policies and response procedures. 

We in the US are clear-eyed about the enormous scope of this challenge, and the hard work ahead. Enhanced co-operation within government and between countries, civil society and private industry is a critical first step; but we will also need companies to step up and play their part in the boardroom. 

The White House has identified a small set of practices, including maintaining and testing backups, encrypting data and deploying network monitoring and multi-factor authentication, that have an outsized impact on the risk of a successful ransomware attack, and the prospects for containing one. Chief executives and corporate boards should codify and implement them immediately, for the health of their own enterprises and their national economies. This is especially true of companies with a nexus to critical services, such as healthcare, whose disruptions can have severe impacts on communities and vulnerable people.

The insurance industry can also play a constructive role by, among other things, requiring and verifying implementation of effective cyber security measures as a condition of underwriting its policies, akin to the way fire alarm systems are required for home insurance. Some insurance company policies — for example covering reimbursement of ransomware payments — incentivise payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end.

The scourge of ransomware will not end on its own. Cybersecurity must improve, as countries around the world unite to disrupt ransomware actors and pressure safe haven jurisdictions to take action to stem this destabilising activity. As the battleground shifts, so must our defences. Criminal activity crosses borders and targets public and private sectors in every country. Our solution must do the same.