The Fight Against Cyber Crime
As of January 1, 2017, the state of California began enforcing a law which treats ransomware as a form of extortion. Wyoming also has a similar law, and Maryland is considering adopting a law specific for the growing cyber crime, ransomware. Prior to these laws, if a ransomware developer or distributer was arrested, the criminal justice system did not have appropriate guidance for charges and standard sentencing. Now, in certain states they do.
This is great, it really is. But–what about actually catching the cyber criminals? They have to be caught to be charged and sentenced, right? Well, what are authorities doing to catch them? This is where there seems to be a gap. I cannot tell you how many times I have read an article about a ransomware attack and it has stated that although local and government officials have been informed, there is little they can do. There are two reasons for this. First, many of these attacks originate overseas. Second, the cyber criminals are meticulous about covering their tracks. Barrier, yes. Excuse, no.
So what can authorities do?
Honestly, I don’t have an answer — but there has to be something, right? Recently, a Bulgarian man was extradited to the U.S. for allegedly distributing the ransomware, GozNym. He is still awaiting trial. But what about the thousands of others who are committing these crimes? Are officials focusing on them? Perhaps they’re looking only for “the big fish”. But how does that impact the victims?
The concern is, if the ransomware victims feel as though law enforcement won’t do anything regarding the attack, they will choose not to report future attacks. In a recent survey completed by over 450 Tech Talk guests, 20% stated they would not bother reporting a ransomware attack to the FBI. Would you?
Failing to report the cyber crimes is not going to help matters. Reporting the crime will not make tracking down the cyber criminals any easier; however, it will help authorities determine the magnitude of the issue. Although, they should be fully aware of the magnitude, considering ransomware payments hit the $1 billion mark in 2016 and ransomware attacks increased by 167% from 2015 to 2016.
What are your thoughts? Are there any law enforcement authorities out there who have input on this?