5 urgent actions in the fightback against ransomware

Ransomware attacks are used to lock computer systems until a ransom is paid – often in cryptocurrency. Image: Getty Images/iStockphoto

Philip Reiner
CEO, Institute for Security and Technology
• Criminal organizations are using ransomware to exploit vulnerabilities during the pandemic.

• Ransomware attacks have both a financial and a human cost.

• 65 business, non-profit and government organizations have banded together to form the Ransomware Task Force.

With the world still reeling from the effects of COVID-19, bad actors are stepping up efforts to capitalize on the global unrest with varying degrees of success. None have found so much success – and caused so much damage – as the criminal enterprises that have employed ransomware to threaten industry, commerce, education and lives in ways that transcend geopolitical boundaries.

Members of the World Economic Forum are familiar with how ransomware works, as criminals deploy malware that encrypts data on a victim’s IT network, making it inaccessible to them until a ransom is paid – often in the form of cryptocurrency. What many are not aware of is just how pervasive this activity has become, and how destructive it is in terms that go well beyond financial losses.

The average ransom paid by victimized organizations has more than doubled in the COVID-19 era, reaching $312,493 last year, according to the 2021 Unit 42 Ransomware Threat Report. Those figures tell just part of the economic story, as the cost of system downtime and recovery often eclipses the ransom payment. And the human toll is even more dire. Ransomware stops hospitals, educational institutions and governments from operating effectively, or it sometimes shuts them down entirely for days or weeks.

During a ransomware attack, IT administrators often struggle to recover data and restore operations, while employees are idle. Meanwhile, senior leaders engage in intense internal deliberations, debating whether to pay the ransom or tough it out through the remediation process. In the interim, patients in hospitals lose access to chemotherapy doses and operations are delayed. Logistics providers find themselves unable to deliver COVID-19 vaccines. Children go uneducated. And municipal and regional governments stop providing basic services.

This toll on society is why global leaders must act.

Thankfully, they are doing so. More than 65 software companies (including some longstanding and fierce competitors), cybersecurity vendors, government agencies from the US and European countries, non-profits and academic institutions have joined forces to tackle this insidious threat. Under the moniker of the Ransomware Task Force (RTF), this group of industry leaders has developed a clear, structured set of recommendations that, if resourced and implemented, could rapidly reduce the impact of ransomware on society.

Their names are familiar to anyone who has gathered in Davos: Microsoft, Amazon Web Services, Palo Alto Networks, Rapid7 and McAfee, just to name a handful. These businesses have provided workhorses, not show horses, collaborating to fight a problem that is simply too endemic for any one company, industry or government to mitigate on its own. The fact that they have come to that collective realization speaks volumes about the size of this effort.

The Task Force’s recommendations, published in a recent report entitled Combating Ransomware: A Comprehensive Framework for Action, outline actions that governments, businesses and non-profits can take to deter ransomware criminals and disrupt their business model. While the report directs many of its recommendations at the US government due to task force members’ strong connections there, the report also calls on other national governments and industries to work together as part of a global, collaborative effort to stem the tide of these attacks.

The pandemic has dramatically escalated the use of ransomware attacks Image: IST

The primary objective of these actions is to deter ransomware criminals; help organizations prepare for and defend against attacks; undermine the practices that make ransomware so lucrative; and respond to ransomware attacks more effectively.

While there are too many recommendations in the 81-page report to list here, the RTF identifies five critical and urgent actions that form the backbone of its comprehensive framework:

1. International diplomatic and law enforcement agencies must declare ransomware a priority and carry out a comprehensive and resourced strategy, which would include measures to prevent nation states from providing safe haven to ransomware organizations.

2. The White House should coordinate an aggressive, sustained and intelligence-driven “whole-of-government” operational campaign, working more closely together with private industry and other governments, to fight ransomware.

3. Governments need to create cyber response and recovery funds; require that businesses and other organizations report ransom payments; and mandate that organizations consider alternatives before making payments.

4. The international community should coordinate efforts to develop a single, widely adopted Ransomware Framework that will help organizations prepare for and respond to ransomware attacks.

5. Governments must regulate the cryptocurrency sector more closely, and ensure exchanges, kiosks and over-the-counter trading desks comply with existing regulations, including know your customer, anti-money laundering, and combatting financing of terrorism laws.

If enacted together, these steps would result in immediate and longer-term benefits, and show cybercriminals that ransomware is no longer an easy and safe strategy for financial gain.


The ongoing efforts within the World Economic Forum's Partnership Against Cybercrime strongly position members to lead the implementation of many of these recommendations. Indeed, World Economic Forum members are uniquely positioned to do so, and have the means and influence to help wage this battle. The RTF’s report should be the beginning of a global conversation, with the world joining forces to mitigate a problem that threatens us all.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.
