The World Economic Forum (WEF) has proposed a multi-stakeholder approach for tackling the ‘criminal enterprise model’ underlying ransomware efforts, with information sharing, pooling of resources, and financial analysis forming the foundations of developing an intelligence-driven assessment of ransomware hackers.
The multi-stakeholder approach will also help to identify where organizations are weak. Using that information, and collaborating through the proposed framework, international public and private sector partnerships can work together to reduce the global impact of the ransomware threat, WEF said in its latest plan on fighting cyber attacks.
Data from the WEF revealed that the total amount paid by ransomware victims reached an estimated US$350 million in 2020 alone, with an average per-incident ransom demand of $170,000 and a total per-incident cost (including recovery) of $761,000.
Ransomware is proving to be both immensely profitable for criminals and a threat to a nation’s critical infrastructure, public and private organizations. The complexity of ransomware attacks and the criminal enterprise model that supports them present the need for a structured, multi-stakeholder approach to tackle the issues involved.
The WEF has recommended the ‘Partnership Against Cybercrime effort towards Combatting Ransomware,’ to identify areas for collaboration and collective approaches in tackling the threat. As part of its initiative, members of the partnership designed a model ransomware kill-chain, which will include various stages distilled from typical ransomware attacks. It also involves targeting critical elements of ransomware, such as the developers behind the software, or the infrastructure required for orchestration.
The agency seeks to identify relevant actions for each phase from the perspective of the attacker, defender, and government or regulatory bodies. WEF identified key measures that, if implemented appropriately, could greatly hinder ransomware. It recommended faster detection and cross-sector sharing of indicators of compromise (IOCs) for new malware and associating these with ransomware, and prioritizing analysis of association for sharing, leading to the adoption of intelligence-led security controls to pre-empt attacks.
The World Economic Forum’s Centre for Cybersecurity has been leading the global response to address systemic cybersecurity challenges and improve digital trust. As an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors, it aims to bridge the gap between cybersecurity experts and decision-makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Ransomware has in recent times wrecked critical infrastructure sectors around the world, leading to widespread disruption and compromises involving people’s safety, forcing governments to take action against these cyber attackers.
Earlier this month, the Federal Bureau of Investigation (FBI) detected that the DarkSide ransomware attack was responsible for the compromise of the Colonial Pipeline’s IT networks, which led the company to take certain systems offline to contain the threat.
The federal agency also identified the existence of 16 Conti ransomware attacks over the last year, targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. Like most ransomware variants, the Conti ransomware typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom from victims.
Identifying the need for cyber resilience in the oil and gas sector, the WEF aims to foster international cooperation and dialogue between industry leaders to embed cyber resilience in business culture and operating models and to take a systemic approach to risk management.
Following the Colonial Pipeline incident, the agency convened over 40 senior executives to establish a blueprint for evaluating cyber risk across the oil and gas industry, and help the energy industry improve its resilience against cyber risk.