
Intelligence Bill Proposes Labeling Ransomware as Terrorism. 

Cat Allen
U.S. Government Cyber Solutions

Ransomware has crossed the chasm from being an occasional nuisance to a persistent national security threat.  

According to the Sophos State of Ransomware 2024 report, over the past year 59% of organizations were burdened by ransomware and the cost of the ransoms has increased five-fold. Historically, businesses have paid the ransom because economically it made sense. For example, in the case of the CDK Global ransomware attack, the threat actor demanded a $25 million ransom, but the damages from the attack stacked up to over $600 million in direct losses.

The U.S. Responds to Increase in Ransomware

A new bill from the Senate Intelligence Committee proposes labeling ransomware groups as “hostile foreign cyber actors” and would designate countries or governments harboring such groups as state sponsors of ransomware, making them susceptible to sanctions. If passed, the bill would be the first of its kind in the U.S. to elevate ransomware to the same threat level as terrorism.

The bill proposes labeling 18 ransomware groups as “hostile foreign cyber actors” and would also make the response to ransomware a national priority for the intelligence community, enabling greater ability to pursue ransomware operators. Among the groups listed were Ragnar Locker, also known as Dark Angels, who recently claimed the largest ransom to date of $75 million, as well as Blacksuit/Royal Ransomware, a group that has generated over $500 million from their victims in just under two years.

A Growing Threat

Ransomware is a growing threat to United States critical infrastructure and to both the private and public sectors. The economic gains of ransomware threat actors have allowed a booming dark web business to grow and have minted countless overnight millionaires. Some threat actors are state-sponsored, delivering the proceeds from their operations directly back to their governments. Some are opportunistic groups or individuals, looking to make quick and easy money from desperate organizations that are most likely to pay. To further complicate the challenge of attribution, sophisticated threat actors have been able to obfuscate their identities and locations, oftentimes leaving authorities with no ability to identify the threat actors, let alone bring charges against them.

Though cybersecurity is often seen as an expense, it should be viewed as an investment. Investing in solutions that improve organizational cybersecurity helps to prevent ransomware and similar threats. Detection is not enough when it only takes minutes to go from business as usual to completely shut down by a cyber threat.

The Impact of Ransomware on Regulated Industries

In highly regulated industries, like healthcare, continuing to pay ransoms only signals to threat actors that their total addressable market (TAM) is growing. It also increases the likelihood that the organization that paid the ransom will be attacked again. In highly regulated industries, not having access to critical data or systems can translate into real-world implications. Healthcare was once considered “off limits” to these types of threat groups, but now that line has been crossed.

It’s no longer just the data of corporations at stake. It’s everyday civilian lives on the line.

Everyday Impacts of Ransomware

Ransomware has evolved beyond an everyday cyber threat to a national security threat. Given the nature of these crimes and the ability of threat actors to seemingly disappear without a trace, the situation demands that the government step in to disrupt a danger to everyday citizens and our way of life.
