The year 2021 could turn out to be pivotal for ransomware. We have already seen brazen attacks against critical infrastructure and healthcare organisations, like Colonial in the US or HSE in Europe, driving the issue to the top of everyone’s agendas.
Cognisant of the growing threat to national security where critical infrastructure and essential services had been held hostage, both the White House and the European Commission responded with the formation of a joint working group to combat the rise of ransomware attacks.
Cybercrimes know no borders and international collaboration is key to collectively defending against the ever-evolving threats. The series of MOUs inked by Singapore and the US to expand cooperation on cybersecurity across the public, defence and financial sectors – as announced during US Vice President Kamala Harris’ recent visit to Singapore – is a good case in point. Indeed, as more countries formalise their cyber cooperation, it could pave the way for a concerted global effort to address the ransomware scourge.
These early overtures might have been enough to send waves through certain sectors of the hacking community. Within weeks, REvil appeared to have exited the scene, after its high-profile attack on Kaseya, marking the end of one of the most notorious ransomware groups in the world.
Exit REvil, enter Black Matter
But has REvil really packed up, or did they go for a vacation to regroup? A new ransomware group called Black Matter – a collective bearing a startling resemblance to REvil but committing to refrain from attacking the kind of organisation that caused legislative attention to turn on its predecessor – has made its grand debut on the dark web.
Would the Robin Hood-esque pledge to only steal from the rich be enough to put the genie back in the bottle? Would global authorities take the bait to ease their crusade against ransomware?
At first glimpse, it’s unlikely that such a marketing stunt by Black Matter will gain any legitimacy. It was the attacks on critical infrastructure that aligned public sentiment with the interests of big businesses and propelled governments to take firm action. Having spoken out in defence of victims, how can officials renege on their stance?
With ransomware attacks running rampant, the public have realised that they are equally at risk. For governments to now do nothing could reflect very poorly on them in the event that a truly life-threatening attack takes place in the future.
On the flipside, many official bodies may have realised that the quest to control ransomware through legislation will be an uphill climb. There hasn’t been a workable plan in sight. Putting a blanket ban on ransomware payment isn’t the easy solution it may seem. It may force hackers to focus in on organisations that would have to pay, even in defiance of the law.
For example, hospitals are caught on the horns of the dilemma, having to choose between payment or letting patients die for lack of access to their records or medical services. Equally, banning payment wrongly criminalises the victim. It’s akin to making it illegal to surrender your cash at gunpoint.
The unlikely alliance of public and business goals is likely to be short-lived if Black Matter restricts itself to a strict roster of deep-pocketed organisations. The initial public outcry is likely to wane without any disruption to essential services or goods.
Too good to believe?
Can Black Matter live up to their brand promise? After all, even if Black Matter doesn’t have the ill intent to attack critical infrastructure, it can’t guarantee that its malware won’t end up taking down a power station.
Releasing the decryption code for free when accidental victims are affected is not akin to offering an olive branch to the unlucky ones – how quickly could a hospital be up and running again, without any adverse consequences, even with the decryption code?
On this basis alone, it seems like Black Matter is walking on thin ice and will not be able to put the genie back in the bottle altogether. A future attack on critical infrastructure is almost inevitable and the international community must gear up to protect against that.
What Black Matter may have achieved is to buy itself – and the hacking community at large – some wiggle room. They have made their stance known and reduced the urgency for policy makers to act now, giving them breathing space to regroup and think through their next move.
And that time is all that the hackers need to keep their scams going with businesses that drive their income. Organisations must continue to stay vigilant and be prepared to take responsibility for their own protection for a good while yet, which means doubling down on security and data protection.
Andy Ng is Vice-President and Managing Director for Asia Pacific and South Region at Veritas Technologies