For a country that boasts economic and technical progression, the United States falls short on ransomware proficiency. Malware groups and the mitigation of cyber attacks run rampant. Many organizations, as well as individuals, do not report these attacks because they don’t know how or where to report these crimes to. When they are reported, the process is extensive and confusing. Due to the lack of reporting, there is also a data and information deficiency on ransomware, making it more difficult to come up with countermeasures and strategies to combat these problems. Only 1 out of 20 ransomware attacks are reported, and this is because many believe that reporting these incidents won’t change anything. This is a growing issue because the government can’t comprehend the exact aggregate of successful or potential attacks that are happening within the United States. Reporting ransomware attacks will not only help protect one’s company, but many others. Raising awareness and being prepared for these attacks can further enhance network security on a national scale.
A plethora of organizations, whether it be large corporations or small businesses, have been affected regardless of the industry they’re in. ENISA, The European Union Agency for Cybersecurity, is committed to attaining and maintaining a high level of cyberspace security across all EU countries. A data report by ENISA investigated 623 ransomware attacks that happened between May 2021 to June 2022 across the EU, the US, and the UK. The report stated that every month, an estimated 10 TB of data and 58.2% of employee personal info were stolen. Most victims tend to stay quiet about attacks and deal with the problem within the company (paying the ransom), rather than seeking help and reporting the incident to relevant authorities. This is due to the trepidation of negative publicity and shame. However, this means that there is little to no useful data on ransomware attacks while ransomware becomes stronger and more efficient by the day. The few victims that do happen to report these attacks are unwilling to share an accurate, detailed delineation of what happened. ENISA states that “The lack of reliable data from targeted organizations makes it very hard to fully understand the problem or even know how many ransomware cases there are.”
Due to scarce reporting, CISA (Cybersecurity and Infrastructure Security Agency), struggles to find out information about ransomware groups: where they’re from, what they want, and what they’re doing. With the urging of Homeland Security and a surge in attacks on schools, hospitals, and governments, formal ransomware reporting regulations were implemented and enforced in 2021. These regulations state that any organization that has been attacked and breached must report the incident to the CISA within 72 hours and the amount demanded within 24 hours. There were 2,323 successful ransomware attacks in the year 2021 but this number is severely low and inaccurate considering the amount of attacks that went unreported and uncounted. Many organizations turn to private, third-party investigators and regulatory agencies instead of federal law enforcement, which also critically skews the data.
The lack of clarity and knowledge on ransomware and cryptocurrency deters federal agencies from helping victims of malware attacks. Even the Federal Bureau of Investigation failed to collect accurate data for years due to the fact that they only considered counting attacks that were reported to their personal Internet Crime Complaint Center. They overlooked local field offices and independent security companies in every state. In 2019, a case study by Emsisoft revealed that there were 24,770 ransomware attacks in that year alone.
Cryptocurrency also plays a huge role in the sphere of ransomware. Cryptocurrency or “crypto” is a decentralized system of digital currency used on the internet as a means to invest, make private transactions, get paid, and more. The main objective of crypto is to shift the power to the currency users and remedy the problems of traditional currency since this system does not need a central bank or government to uphold it. However, cryptocurrency ransom payments have made it difficult for investigators to track ransomware groups such as Black Basta and defend against potential national threats. In 2021, cybersecurity became a prevalent topic when the Biden administration sanctioned the Strengthening American Cybersecurity Act. Educating the masses and, more importantly, employees in various organizations about the importance of understanding and reporting ransomware will ensure that cybersecurity substantially improves. It is the responsibility of the victims to report attacks or potential attacks and follow through with the investigations.
Organizations can help safeguard their networks, data, and information from unwanted visitors by simply installing passwords that are harder to guess and changing passwords every so often. Utilizing multi-factor authentication for all employees will ensure that, in the event of a security breach, the attackers will be stopped from easily accessing data. Every organization is advised to administer security updates immediately to prevent attacks that may take advantage of vulnerabilities.