Ransomware victims aren’t reporting attacks to police. That’s causing a big problem | ZDNet
Europol’s annual cybercrime report says ransomware is under-reported by victims – and some casualties appear to be simply hoping that nobody finds out they were a target.
Many victims of ransomware aren’t reporting attacks to police, making it harder to measure the level of crime and to tackle the gangs involved.
Europol’s Internet Organised Crime Threat Assessment 2020 report details the key forms of cybercrime that pose a threat to businesses right now, and ransomware remains one of the main concerns, especially as these gangs increasingly display high levels of skill and sophistication. In many cases, ransomware gangs don’t just encrypt the network with malware and demand hundreds of thousands or millions of dollars in bitcoin; they also threaten to leak stolen sensitive corporate files or personal data if they don’t receive a payment.
And while ransomware is one of the most high-profile forms of cyberattack, Europol’s report warns that it remains an under-reported crime as many organisations still aren’t coming forward to law enforcement after falling victim.
Several law enforcement agencies across Europe say they’ve only heard of ransomware cases via reports in local media.
The report suggests that approaching police to start a criminal investigation was “not generally a priority” for victims, who are more concerned with maintaining business continuity and limiting reputational damage. For some, the idea of getting law enforcement involved could be seen as a risk to their reputation.
That’s why some businesses are choosing to engage with what Europol describes as “private sector security firms” to investigate attacks or negotiate ransom payments, instead of approaching the authorities.
Companies do this so evidence of the attack and their response to it can remain outside the public eye, especially given that law enforcement agencies recommend that organisations should never give in to the demands of cyber criminals. But many businesses still view paying the ransom as the quickest and easiest way of restoring operations, even if cyber-criminal groups can’t always be trusted to keep their word.
And on top of the moral quandaries when it comes to dealing with cyber criminals or private negotiators, police warn that not reporting ransomware attacks is detrimental to others.
“By using such companies, victims will not file an official complaint, which increases the lack of visibility and awareness concerning real figures of ransomware attacks among law enforcement,” says the Europol paper.
“Not reporting cases to law enforcement agencies will obviously hamper any efforts, as important evidence and intelligence from different cases can be missed”.
But it isn’t just businesses actively attempting to avoid publicity that don’t report ransomware attacks; the report notes that some victims just don’t think that law enforcement is able to do anything to help.
However, the report adds that investigating every attack possible helps the authorities build up a better picture of the ransomware landscape and how to potentially prevent attacks or aid organisations that fall victim.
For example, Europol’s No More Ransom portal provides free decryption keys for various families of ransomware. The keys are provided by both cybersecurity companies and law enforcement agencies that have been able to break the encryption following investigation of the ransomware. If organisations don’t report ransomware attacks, it could prevent other victims from being able to use free tools like this.