The Digital Epidemic of Ransomware Attacks: What Organizations Can Do to Protect Their Systems and What the Authorities Can Do


Executive Summary

For my INFO-601 Foundations of Information research paper (completed in December 2021), I wanted to understand the history and current state of the ransomware epidemic as well as what organizations can do to protect themselves and what authorities can do about the issue.

Ransomware is a type of malware (short for “malicious software”) that threatens all organizations around the world and, especially, critical infrastructure: physical and virtual infrastructure so vital that disturbing or destroying it could debilitate the security of public health, the economy, and/or safety (Reshmi, 2021, p. 1). While ransomware has been around since the late '80s, the threat of ransomware attacks simply hasn't been taken seriously until now. The drastic rise in ransomware attacks over the past few years is due to a combination of the increased digitization of data without properly securing it, hackers' relative ease of access to pre-packaged ransomware software via Ransomware-as-a-Service (RaaS) on the dark web, lack of access for many ransomware operators to well-paying jobs, and the difficulty in tracing the flow of cryptocurrency such as Bitcoin.

Organizations that do not practice a culture of good cybersecurity hygiene have been operating precariously by granting users access to their systems via single-factor authentication, using outdated hardware and software that has not been patched for security vulnerabilities, and not having a plan in place in case of a ransomware attack.

Luckily, thanks to technical guidance from such groups as the Cybersecurity and Infrastructure Security Agency, the FBI, the Federal Trade Commission, and other cybersecurity experts, there are feasible measures organizations can take to protect themselves preemptively, as well as measures they can turn to during and after ransomware attacks. Across the globe, authorities are working together to take down ransomware operators' websites on the dark web and have ramped up measures to try to catch ransomware operators as they travel. Recently, taking these hackers into custody while they travel has proven seemingly fruitful, although the varying geopolitical relationships between nations will determine over the longer term whether such actions as extradition requests are fulfilled. To that end, Reuters reported that the October cybersecurity summit hosted by the US between 30 nations and the EU was meant to send a warning about the severity to come in targeting ransomware operators as well as those harboring cybercriminals. However, Russia, China, Iran, and, of course, North Korea were noticeably not included in the meeting (Nakashima, 2021). While this simply reflects the hostile relations between the US and those nations, the disproportionately high number of ransomware attacks coming from those regions means it remains to be seen how the ransomware epidemic will evolve.

As the US intensifies its efforts at combatting the problem, in November, the Department of Homeland Security launched a new program that prioritizes hiring cybersecurity experts to bolster manpower in dealing with the ongoing crisis (Colarossi, 2021). Organizations have also been adding more cybersecurity positions such as chief information security officers and other data security experts to their labor force (Stupp, 2021).
