From Ransomware to Ransom War: The Evolution of a Solitary Experiment into Organized Crime
This report discusses significant milestones in the development of ransomware, and what turned them into a significant threat to human and national security.
Historically, discussions on cyber conflict have primarily centered on the involvement of state-sponsored or affiliated groups. Yet, the growing prominence of criminal actors – specifically, ransomware groups – now demands a shift in attention. Ransomware, a type of malicious activity where hackers lock access to files or systems until a ransom is paid, increasingly threatens both citizen safety and global stability. In 2022, the majority of the U.K’s government’s crisis management “Cobra” meetings were convened in response to ransomware incidents rather than other national security emergencies. According to Sami Khoury, the head of the Canadian Center for Cyber Security, the threat from nation-states remains significant but cybercrime, of which ransomware is the most disruptive form, is “the number one cyber threat activity affecting Canadians.” The Swiss National Cybersecurity Centre warns that ransomware could pose an “existential threat” to businesses and government agencies.
It starts with the adoption of better encryption techniques by criminals, enabling them to effectively hold data for ransom. The use of botnets subsequently expanded their operational reach, while there was also a shift away from prepaid card systems in favor of crypto-currencies such as Bitcoin, which provided anonymity and ease of transaction. Following these developments, the emergence of Ransomware as a Service (RaaS) allowed for a better division of tasks within the cybercriminal community, making it easier for newcomers to participate. Tactics evolved further to include double extortion, where attackers threaten to publish stolen data unless a ransom is paid. The final shift saw the professionalization of ransomware groups. It also increased their intent and capability to target major organizations, maximizing their ransom potential. I refer to the ransomware groups at the forefront of this troubling trend in the criminal ecosystem as ransom war groups.
This report is based on chapter one of Max Smeets’ book titled “Ransom War: How Cyber Crime became a Threat to National Security,” forthcoming with Oxford University Press and Hurst Publishers.