Ransomware: The Global Cybersecurity Pandemic

I am sitting in Paris this week at the Les Asis conference, but my mind is also on Biden’s ransomware summit as ransomware took center stage again this week. No, not because of a major ransomware attack shutting down critical infrastructure or grinding production to a halt. In fact, the opposite. President Biden continued to push the need for cybersecurity and a more effective response to the scourge of ransomware by convening a 2-day ransomware summit involving 30 countries around the world. 

I have worked in cybersecurity and with nation-state governments long enough that I know not to expect miracles from a meeting like this. I am cautiously optimistic, however. Ransomware is a form of terrorism, and it doesn’t affect just one country. Ransomware is a potential threat to every business and government agency in every country—and it will take a coordinated global effort to address the issue. 

Focus on RansomOps

We are less than 9 months into the Biden Administration, but they have made it clear that cybersecurity and fighting against ransomware are priorities. President Biden has called out Russia specifically for ignoring ransomware gangs operating from within its borders, and issued a mandate that government agencies deploy EDR (endpoint detection and response) solutions to improve security. 

More recently, President Biden took aim at the broader ransomware economy by cracking down on cryptocurrency exchanges being used to facilitate ransomware payments. Cryptocurrency was also one of the main focuses of this week’s ransomware summit. The participants discussed how they can cooperatively trace and disrupt the use of cryptocurrency for criminal activity. 

The actual exploit that encrypts data is just one small facet of ransomware operations—or RansomOps. RansomOps is a business, with different entities enabling and working with each other, and the Biden Administration appears to understand that until we can get to the root of RansomOps, we are just putting a Band-Aid on the issue. 

Win As One

The nature of ransomware makes cooperation like this crucial. Ransomware attacks have blurred the line between traditional cybercrime and nation-state attacks, so an effective defense requires a partnership between the public and private sector with cybersecurity vendors working hand-in-hand with the government. We launched Cybereason Government, Inc. to enable us to work with defenders in government agencies. 

One of our core values at Cybereason is “Win as One.” It is part of our company culture to recognize the value of teamwork and partnership and understand the importance of working together to achieve goals. This week we announced our strategic partnership with Google Cloud—working together to bring to market a joint solution to reverse the adversary advantage and protect customers from ransomware and other malicious threats. 

Ransomware is a lucrative business, and cybercriminals will continue to use it as long as it is profitable. Once an organization has been hit with ransomware, there are no good options, so it’s important that we work together—between the public and private sectors and as a global community—to disrupt RansomOps. 

While we work toward that goal, though, organizations need to be able to defend against ransomware today. You have to have an operation-centric solution to prevent ransomware from happening in the first place. 

Lior Div
About the Author

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.