The ransomware epidemic is “too difficult” for police to stop, a Microsoft security expert has said.
Tom Burt, the company’s corporate vice president of customer security, said that the cross-border nature of criminal gangs means that without the intervention of national governments, law enforcement agencies will struggle to have a meaningful impact.
Police need help to fight ransomware
Speaking at an event to mark the launch of Microsoft’s new Digital Defence report, Burt said: “The problem with the efforts by law enforcement globally to try to address ransomware is that the challenges of conducting traditional law enforcement investigations and prosecutions against ransomware actors are just too difficult given the cross-border nature of that activity, the fact that a lot of the actors are beyond the reach of law enforcement that care about the issue. It’s just too difficult.”
The report itself highlights the complex nature of ransomware gangs and threat they pose. “While law enforcement activities likely slowed the frequency of attacks in 2022, threat actors might well develop new strategies to avoid being caught in the future,” it says
Burt is in agreement. “The groups that are most active in providing ransomware-as-a-service are very sophisticated and well-resourced, and as we [tech companies], law enforcement and others seek to detect what they are doing and disrupt their activity, we will certainly see them continuing to evolve their approaches to try to avoid detection and to avoid disruption,” he said.
Microsoft says the onus is on national governments to stop these gangs operating on their soil. “Will governments take action to prevent ransomware criminals from operating within their borders, or seek to disrupt actors operating from foreign soil?,” the report asks. It highlights countries like Russia, which reportedly allows cybercriminals to operate from within its borders.
Ransomware: victims must protect themselves
The Microsoft Digital Defence report also highlights that organisations must do more to protect themselves. “The vast majority of successful cyberattacks could be prevented by using basic security hygiene,” it says. This includes multi-factor authentication and applying zero trust principles, which Microsoft said could help foil 98% of attacks.
Extended detection and response anti-malware, where attacks are automatically blocked is “essential to being able to respond to threats in a timely fashion,” continues the report. Staying up to date with patching is a must, and a “key reason many organisations fall victim to an attack.”
Finally, protecting data will help tremendously with defending a system against a cyber attack, “Knowing your important data, where it is located and whether the right systems are implemented is crucial to implementing the appropriate protection,” Microsoft said.