NCI Ransomware Report: Analysis of Activity and Recommendations to Disrupt Operations

The National Council of ISACs (NCI), of which WaterISAC is a member, has published a report describing how criminal organizations conduct ransomware operations and their impact to society. The report provides a thorough background of ransomware, to include providing descriptions of how ransomware infections occur and offering key statistics. One of these statistics is an estimate from the FBI that there are 4,000 ransomware attacks every day, equating to a ransomware attack every 40 seconds. It discusses the direct and indirect costs of ransomware to victims, noting that downtime costs alone cost U.S. businesses $20 billion in revenue. It also refers to ransomware as “the equivalent of a criminal organization’s tax on business.” A major takeaway from the report is the impunity with which ransomware actors perpetrator their activities, protected by countries that refuse to extradite their citizens (e.g., Russia) and cryptocurrency exchanges that make it difficult for law enforcement agencies to track down and seize payments. The report argues for greater regulation and enforcement of the cryptocurrency ecosystem to degrade and disrupt the ability of ransomware operators to conduct their campaigns.