How ransomware gangs have become security’s biggest threat

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Cyber security experts, ex-military officials and some politicians are pushing for ransomware gangs to be treated not as hackers but like “pirates” of the past, in a rethink of how to best counter their growing threat to businesses, industries and society.

The shift recognises the way ransomware gangs are used by authoritarian nations to mount sustained attacks on Western businesses and sectors, a new dimension in the ongoing contest between strongmen and democracies.

Tim Watts, shadow assistant minister for communications and cyber security, calls ransomware gangs “modern-day” pirates. He wants aggressive coordination between international law enforcement, targeted sanctions, even cyber operations aimed to disrupt the gangs, in an effort to close the gaps being exploited by cyber criminals.

“The bulk of the ‘solution’ here is not technological, but instead policy, regulation, law enforcement, diplomacy and then a bit of offensive cyber,” says Watts.

Labor’s assistant spokesman for communications and cybersecurity Tim Watts likened ransomware crews to pirates.

Labor’s assistant spokesman for communications and cybersecurity Tim Watts likened ransomware crews to pirates.Credit:Dominic Lorrimer

For years, ransomware attacks were treated as a subset of hacking. The liability of such intrusions was considered a cost of doing business – one whose responsibility sat squarely on the business’s shoulders.

But things have changed.

In a decade, ransomware software has grown from a tool by hackers to extort individuals for hundreds of dollars, to an underworld service-for-hire among criminals to shakedown entire industries for hundreds of millions. Cryptocurrency, meanwhile, has proven an ideal means of paying ransom to shadowy gangs across borders.

JBS food processor in Australia and the US was hit by ransomware gang DarkSide in May, leaving about 7000 meat workers out of work until the company could develop a workaround. In the US, a DarkSide ransomware attack halted petrol to the east coast. The Clop ransomware group was reportedly behind the December attack Transport for NSW.

All of the gangs are based in Eastern Europe but the Kremlin won’t extradite or prosecute these gangs as long as they don’t attack Russian interests. The…