[DIGITAL Business Africa] – Over the past decade, ransomware has emerged as a prominent component of the global cyber threat landscape. This type of attack aimed at taking control of a target system, in order to block, encrypt, steal and potentially delete its data, is used mainly for immediate extortion purposes, requiring victims to pay a sum in exchange for the return of assets availability and confidentiality.
While ransomware appeared at the end of 1980’s, and are therefore not a new threat as such, their current incidence – estimated at 12% of data breaches in 2022 (IBM, 2022)- as well as their direct and indirect cost –1.4 million $ per organization in 2021 (Sophos, 2022) are unprecedented. Another striking trend lies in the profile of the affected organizations, which are increasingly public institutions and critical infrastructure operators. Since the start of the Covid-19 pandemic, the health sector has become a prime target for threat actors, with 384 ransomware incidents recorded across 38 countries (CyberPeace Institute, 2022).
As a global phenomenon, the ransomware threat spares no industry or region across
the globe the world. It relies on a complex ecosystem – ranging from transnational
organized crime to state-backed actors (Trellix, 2022).
As with most challenges in cyberspace, which remains privately owned or operated for large parts, a global governance framework gathering all actors involved in the detection, prevention, reaction and repression of these should be sought. Ransomware attacks differ from other cyber malicious acts, however, as they are specifically based on blackmail, placing the victim in an even more active role when addressing these acts.
In many cases, targeted private organizations don’t know how to proceed when facing the disruption of their services and the risk of data loss or disclosure. The opportunity to pay the ransom requested, for instance, is still widely debated among stakeholders
notwithstanding the cautions expressed by public authorities – as more than half of
victims pay the ransoms according to recent surveys (Kaspersky, 2021).
The dynamics of the phenomenon thus reinforce the need to achieve effective cooperation and common understanding between private and public actors. Public-Private Partnerships (PPPs), whose value has long been widely recognized in the cybersecurity field, have naturally been proposed as a key component of the response to ransomware.
PPP is usually defined as an “agreement/ cooperation/ collaboration between two or more public and private sectors and has developed through history in many
areas” (ENISA, 2018). While most actors agree on the usefulness of such a broadly
defined action pattern, discrepancies remain between public authorities and the
stakeholder community on what is concretely expected of each party.
Starting from this premise, the Paris Call for Trust and Security in Cyberspace has
launched a workstream aimed at informing the intergovernmental work of the Working
Group n°3 of the Counter Ransomware Initiative by providing a global, multistakeholder lens. This workstream brought together representatives from the public sector, industry and civil society for a round of discussions initiated in mid-2022, where participants agreed on the drafting of the present compendium of existing global initiatives aimed at fighting ransomware threats through PPP cooperative models.
The restitution of the current “state of play” was considered a necessary prerequisite to
further discussions between communities toward the identification of replicable good
practices for each stage of action.
Participants identified a substantial number of initiatives with a global or regional scope
that rely on PPP cooperative models – suggesting broad adhesion to the idea that PPPs
in the fight against ransomware are not only useful in the domestic context but also at
the supranational level.
The existence of regional initiatives alongside initiatives with a worldwide scope suggests that the ransomware threat while being a global phenomenon is in part underpinned by local dynamics that deserve to be addressed more specifically.
A classification of these initiatives has been attempted on the basis of the nature of the goal pursued – which generally correlates with the mandate of the public organization(s)
involved in the PPP. Since ransomware is primarily associated with cybercrime, the
majority of existing initiatives are aimed at facilitating investigations as part of the law
enforcement activities (e.g. INTERPOL’s Gateway Project, World Economic Forum’s
Partnership against cybercrime).
A substantial number of initiatives also aim to provide policy and strategy recommendations for stakeholders, based on prior identification of the gaps at this level as well as threat analysis (e.g. Ransomware Task Force, ENISA Working Group on Cyber Threat Landscape). Finally, a smaller number of initiatives focus on awareness raising and user empowerment by proposing guidance and tools in the event of a ransomware attack, which in turn facilitates investigations (e.g. No More Ransom Project).
The reconstitution of this landscape provides a baseline for building on what already
exists, with a view to identifying potential synergies and redundancies between initiatives,
as well as gaps that are not currently addressed. In line with the feedback often
expressed for cybersecurity PPPs at the domestic level, it appears for instance that the
asymmetry in information sharing between partners of a different nature is still an
the obstacle to the full effectiveness of supranational initiatives.
Continuing this work would provide an accurate picture of stakeholders’ needs, which could be addressed by drawing on good practices identified over the long term.
The participants of the workstream hope that this effort will effectively support the
work of the Counter-ransomware initiative toward a global, comprehensive action
against these ransomware threats.
They will provide Working Group n°3 with their full report before the annual meeting of the Counter Ransomware Initiative and will offer participating States to exchange on the first outcomes of their work during a high-level roundtable in the framework of the 5th edition of the Paris Peace Forum, on November 11-12.
Source: Read the report and the top ten initiatives against cybercrime in the Paris Call Compendium of transnational PPP against ransomware