Ransomware endangers the safety of citizens and undermines international stability and prosperity. It is malicious software that restricts users from accessing their systems or data. Victims are coerced into making payments to restore access or prevent the release of sensitive information.
The issue presents formidable challenges to national security. In May 2021, Colonial Pipeline, a Georgia-based company managing a large portion of the petroleum, diesel, and jet fuel transportation along the U.S. East Coast, fell victim to a ransomware attack. Within just two hours, the cybercriminals stole nearly 100 gigabytes of data while successfully encrypting the company's billing system, demanding millions of dollars in exchange for a decryption tool to restore service. Colonial Pipeline suspended its operations, triggering panic-driven hoarding and fuel scarcity in various states, most notably North Carolina and Georgia. In response to this crisis, the Biden Administration scrambled to find alternative ways to transport oil along the East Coast using trucks, trains, and ships.
Ransomware also imposes severe hardship on individuals, with the most vulnerable often shouldering the heaviest burden. One chilling example took place in March 2023 when hackers targeted Lehigh Valley Health Network, a healthcare network in Pennsylvania. By stealing and encrypting its data, the cybercriminals attempted to extort a payment. When the healthcare organization refused to yield, the hackers resorted to a despicable act, leaking personal data and private photographs of topless female breast cancer patients.
Ransomware has changed the hacking landscape, making governments prioritize protecting their societies from profit-driven hackers. In 2022, most of the British government's crisis management 'Cobra' meetings were convened in response to ransomware incidents, surpassing other national security emergencies. Yet curiously, little has been written about the inner workings of the groups responsible for deploying ransomware and the measures governments and organizations can take to combat this threat. These crucial questions demand investigation: What factors contribute to the surge in ransomware incidents? How are criminal ransomware groups organized and coordinated? Are their motivations purely financial, and does violence play a role in these operations? Furthermore, what transformations can we anticipate in future ransomware activities, and how can we effectively halt their progression?