Building Management Systems
Critical infrastructure
Industries
Manufacturing
Medical
Mining, Oil & Gas
News
Transportation
Utilities: Energy & Power, Water, Waste

WEF suggests multi stakeholder approach to tackle ransomware

May 26, 2021
multi stakeholder approach

The World Economic Forum (WEF) has proposed a multi-stakeholder approach for tackling the ‘criminal enterprise model’ underlying ransomware efforts, with information sharing, pooling of resources, and financial analysis forming the foundations of developing an intelligence-driven assessment of ransomware hackers. 

The multi-stakeholder approach will also help to identify where organizations are weak. Using that information, and collaborating through the proposed framework, international public and private sector partnerships can work together to reduce the global impact of the ransomware threat, WEF said in its latest plan on fighting cyber attacks.

Data from the WEF revealed that the total amount paid by ransomware victims reached an estimated US$350 million in 2020 alone, an average per-incident ransom of $170,000 being demanded, and a total per-incident cost (including recovery) of $761,000. 

Ransomware is proving to be both immensely profitable for criminals and a threat to a nation’s critical infrastructure, public and private organizations. The complexity of ransomware attacks and the criminal enterprise model that supports them present the need for a structured, multi-stakeholder approach to tackle the issues involved.

The WEF has recommended the ‘Partnership Against Cybercrime effort towards Combatting Ransomware,’ to identify areas for collaboration and collective approaches in tackling the threat. As part of its initiative, members of the partnership designed a model ransomware kill-chain, which will include various stages distilled from typical ransomware attacks. It also involves targeting critical elements of ransomware, such as the developers behind the software, or the infrastructure required for orchestration.

The agency seeks to identify relevant actions for each phase from the perspective of the attacker, defender, and government or regulatory bodies. WEF identified key measures that, if implemented appropriately, could greatly hinder ransomware. It recommended faster detection and cross-sector sharing of compromise (IOCs) indicators for new malware and associating these with ransomware, and prioritizing analysis of association for sharing, leading to the adoption of intelligence-led security controls to pre-empt attacks. 

The World Economic Forum’s Centre for Cybersecurity has been leading the global response to address systemic cybersecurity challenges and improve digital trust. As an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors, it aims to bridge the gap between cybersecurity experts and decision-makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Ransomware has in recent times wrecked critical infrastructure sectors around the world, leading to widespread disruption and compromises involving people’s safety, forcing governments to take action against these cyber attackers. 

Earlier this month, the Federal Bureau of Investigation (FBI) detected that the DarkSide ransomware attack was responsible for the compromise of the Colonial Pipeline’s IT networks, which led the company to take certain systems offline to contain the threat. 

The federal agency also identified the existence of 16 Conti ransomware attacks over the last year, targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. Like most ransomware variants, the Conti ransomware typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom from victims.

Identifying the need for cyber resilience in the oil and gas sector, the WEF aims to foster international cooperation and dialogues between the industry leaders to embed cyber resilience in the business culture and operating models and take a systemic approach to risk management. 

Following the Colonial Pipeline incident, the agency convened over 40 senior executives to establish a blueprint for evaluating cyber risk across the oil and gas industry, and help the energy industry improve its resilience against cyber risk. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems