It’s a new year, a time when many people look to turnover a new leaf and make some positive changes.
Sadly, not everyone.
In particular, it seems that ransomware gangs show no signs of letting up on their criminal activity in 2023.
Then again, why would they?
Ransomware was one of the major cybersecurity issues of last year – and many of the previous years too – as cyber criminals used file-encrypting malware against a series of victims, including universities, schools, hospitals and more.
The goal of ransomware attacks is simple; make money by demanding a ransom payment in exchange for the decryption key to (maybe) unlock the encrypted systems.
These ransom demands can be millions of dollars. But while national governments, law enforcement agencies and cybersecurity companies warn that victims should never pay the ransom because it only encourages further attacks, many do; either because they feel helpless, or because they think it’s the quickest way of retrieving their encrypted files. Not that crooks can be trusted to hold their word.
Not every ransomware victim gives into the ransom demands, instead opting to painstaking restore their network from scratch, which can take weeks or even months – but a significant number victims do pay, which is why ransomware continues to be a major cybersecurity threat – because it works and it makes criminals money.
But ransomware isn’t some abstract threat where the impact is restricted to technology or the victim organization and its employees – it often has an impact on the general public too.
Just in the last week the UK’s Royal Mail wasn apparently hit by what has been reported by multiple outlets who’ve seen the ransom note as a Lockbit ransomware. Meanwhile, The Guardian newspaper recently revealed that the cyber attack it was hit by late last month was ransomware.
Both are examples of how ransomware attacks are having an impact on services people use and rely on every day.
Ransomware attacks are a tricky problem to tackle of course – international in nature, with gangs often hiding in jurisdictions beyond the reach of law enforcement and mostly demanding hard-to-track cryptocurrency for payment. But hoping they will simply go away is not going to make it so – it’s time for action. Law enforcement agencies have had some success against the gangs, but more is needed.
This is issue that is much bigger than tech and should be treated as such especially when gangs are willing to threaten the key services and institutions we rely on.
ZDNET’S MONDAY OPENER
ZDNet’s Monday Opener is our opening take on the week in tech, written by members of our editorial team.
PREVIOUSLY ON ZDNET’S MONDAY OPENER: