Fortinet was proud to have been asked to participate in the first INTERPOL High-Level Forum on Ransomware, held online on July 12, 2021. FortiGuard Labs' Derek Manky joined other cybercrime experts ?including INTERPOL's Secretary General and Executive Director of Cybercrime, the Chief of Cybercrime at the United Nations, leaders from the World Economic Forum, and members of law enforcement agencies from around the world?to discuss the rapid rise of ransomware around the world and its growing impact on the world economy. Manky has also been a member of the (INTERPOL Global Cybercrime Expert Group) since its inauguration in 2015. INTERPOL IGCEG is a selected group of cybercrime experts that participate in annual workshops to tackle various problems.
Much of the forum was dedicated to discussing the real-world impact of cybercrime on organizations globally, impacting businesses, critical infrastructure, and essential services, especially healthcare. Very timely topics, given several recent high profile ransomware attacks and FortiGuard Labs research showing ransomware on the increase.
INTERPOL's First Global Conference on Ransomware - Mapping Cybercrime
Manky also spoke about a new threat mapping project he is running in conjunction with the World Economic Forum. This effort is focused on mapping cybercrime, including the ad hoc organizations running attacks like ransomware, as a strategy for combating cybercrime. The goal is to create a strategic tool to help effectively understand the scope of the problems and the use that information to disrupt cybercrime.
This is harder than it looks. While there sometimes may be some well-known criminal name attached to a high-profile attack, the reality is that there are often dozens of independent contractors collaborating in anonymous underground chat rooms to pull off that attack.
Some produce the crimeware (such as developers, packers, and individuals with expertise in special platforms), others are enablers (like nation states and hosting services), and some are members of the primary criminal organization running the operation.
Catching the Bad Guys and Preventing Ransomware
Ancillary to the complexity of the structure of many ransomware campaigns is capturing those responsible. This challenge has two elements:
Because many of the services outlined above are provided anonymously in Dark Web chat rooms, catching one person or group does not stop an organization. Like the fabled nine-headed hydra, if one head is cut off it will simply grow back?or in this case, be replaced by a new individual or organization willing to provide the same service. The other challenge boils down to international borders. While there has been some success at hunting down cybercriminals, they still successfully evade capture because some countries are less willing to cooperate.
INTERPOL's Ransomware Conference Takeaways
At the end of the conference, there were four key takeaways that should be used by law enforcement and other agencies, both public and private, to help staunch the tide of ransomware. For governments and law enforcement agencies, these takeaways are:
- Prevent ransomware by raising awareness, partnerships, and information sharing.
- Aim for pre-exploit disruption of ransomware and its ecosystem through global law enforcement actions both reactively and proactively.
- Provide in-event emergency support against ransomware attacks with the use of INTERPOL's global network and capabilities.
- Ensure post-event support following ransomware attacks to increase resilience, agility, and responsiveness.
Achieving these objectives also requires a close partnership with the private sector. Public agencies need to combine their efforts with advanced prevention, detection, and response technologies, threat hunting and criminal tracing capabilities, best practices and training, and advances in AI and machine learning to effectively combat and counter the growing sophistication of today's cybercriminal enterprises.