Key Findings
The first major finding in Europol’s 2020 Internet Organised Crime Threat Assessment report is that ransomware is still the most dominant cyber threat. As in previous years, ransomware remains the leading threat for organizations in both the private and public sectors. This is the case not only in Europe but elsewhere in the world as well. Furthermore, ransomware attacks have continued to become more sophisticated and targeted. The targets are no longer individual PCs, as they were in the beginning. Today, the main targets are public and private organizations of various sizes and from various industries. “This enables threat actors to increase both the ransom amount requested and the probability of successfully making the victim pay the ransom,” the report explains.
Another key finding was that the pressure ransomware attacks put on organizations has increased significantly in the past year. Attackers are not just encrypting networks with malware and demanding thousands or millions of dollars in ransom money. Nowadays attackers are also stealing organizations’ data and threatening to publish it online if victims don’t pay the ransom. Moreover, ransomware attacks now appear to have turned deadly. Recently, a woman in a critical condition died because the hospital that should have treated her was experiencing a ransomware attack.
In addition, the report found that ransomware attacks on third-party providers disrupted other organizations in the supply chain, as well as critical infrastructure. Ransomware attacks do not affect only the organizations they target. They also affect firms and individuals whose data is being stolen, as well as those who rely on services provided by the targeted organizations. “These attacks have an impact across the whole supply chain, which may do substantial damage through long downtime or information leaks for organisations indirectly affected by the attack,” explains Europol.
Ransomware Victims not Reporting Attacks
The report states that a major challenge in stopping ransomware attacks is that many organizations don’t alert police. This is especially the case when victims decide to pay the ransom. As Europol says in its report: “Considering the scale of damage that ransomware can inflict, victims also appear to be reluctant to come forward to law enforcement authorities or the public when they have been victimized, which makes it more difficult to identify and investigate such cases.” Some law enforcement agencies across Europe say that they often only hear of ransomware cases via reports in the media.
Europol states that contacting law enforcement agencies to start investigations into attacks was “not generally a priority” for victims. Victims were more concerned about maintaining business continuity and limiting reputational damage. Some organizations saw involving law enforcement agencies as a risk to their reputation. Consequently, some organizations prefer to engage private sector security firms, to investigate attacks or negotiate ransom payments, rather than approaching the authorities. However, Europol warns: “Some of the companies that negotiate the ransom payment are working on the edge of legality, as they have developed a trusted business relationship with the ransomware actors.”
The report adds that investigating attacks helps authorities build a picture of the ransomware landscape. This in turn helps them understand how to potentially prevent attacks or how to help organizations that fall victim. It is therefore essential that all victims of ransomware attacks report such attacks.