It’s a new year, a time when many people look to turn over a new leaf and make some positive changes. Sadly, not everyone. In particular, it seems that ransomware gangs show no signs of letting up their criminal activity in 2023.

Then again, why would they?

Ransomware was one of the major cybersecurity issues of last year – and many of the previous years too –  as cyber criminals used file-encrypting malware against a series of victims, including universities, schools, hospitals, and more.

The goal of ransomware attacks is simple; make money by demanding a ransom payment in exchange for the decryption key to (maybe) unlock the encrypted systems.

These ransom demands can be millions of dollars. But while national governments, law enforcement agencies, and cybersecurity companies warn that victims should never pay the ransom because it only encourages further attacks, many do; either because they feel helpless, or because they think it’s the quickest way of retrieving their encrypted files. Not that crooks can be trusted to hold their word.

Not every ransomware victim gives into the ransom demands, instead opting to painstakingly restore their network from scratch, which can take weeks or even months – but a significant number of victims do pay, which is why ransomware continues to be a major cybersecurity threat – because it works and it makes criminals money.

But ransomware isn’t some abstract threat where the impact is restricted to technology or the victim organization and its employees – it often has an impact on the general public too.

Just in the last week, the UK’s Royal Mail was apparently hit by what has been reported by multiple outlets who’ve seen the ransom note as a Lock bit ransomware. Meanwhile, The Guardian newspaper recently revealed that the cyber attack it was hit by late last month was ransomware.

Both are examples of how ransomware attacks are having an impact on services people use and rely on every day.

Ransomware attacks are a tricky problem to tackle of course – international in nature, with gangs often hiding in jurisdictions beyond the reach of law enforcement and mostly demanding hard-to-track cryptocurrency for payment. But hoping they will simply go away is not going to make it so – it’s time for action. Law enforcement agencies have had some success against the gangs, but more is needed.

This is an issue that is much bigger than tech and should be treated as such especially when gangs are willing to threaten the key services and institutions we rely on.

Source: ZD Net