Global police must partner up to prevent a ransomware crisis - here's how

Cybercrime is a global threat that knows no borders. With law enforcement limited to national borders, cybercriminals exploit the digital world’s limitless playing fields with near impunity. The escalation of cybercrime worldwide means a global law enforcement response has never been more crucial.

As an inter-governmental organization with the vision of connecting police for a safer world, INTERPOL has been analyzing a broad range of cyber threats since the inception of its Global Cybercrime Programme in 2015. In the past year, INTERPOL witnessed an exponential growth in the scale and impact of cyber threats as criminals and fraudsters exploited fundamental social needs and anxieties in the cyberspace during the COVID-19 pandemic.

Facing the challenge

In particular, ransomware attacks targeted governments, hospitals and other institutions on the front lines of the fight against the pandemic. By attacking these critical organizations, criminals were able to maximize the damage inflicted as well as their financial gain. Indeed, ransomware provides a highly enticing and lucrative business model for cybercriminals, especially with the development of double or triple extortion and ransomware-as-a-service models.

The COVID-19 pandemic has also opened up new avenues for cybercriminals to carry out various forms of online criminality regardless of the region. New and increased vulnerabilities and attack surfaces have emerged due to a surge in internet use during the pandemic, which outpaced business’ ability to secure remote workforces and online individuals. In addition to ransomware, prominent threats now include online scams, attempts to compromise business email, illegal data-harvesting operations, misinformation and the re-emergence of older types of malware, which were repurposed to take advantage of the global pandemic.

Finding a solution

At its High-Level Forum on Ransomware on 12 July 2021, INTERPOL called on police and their partners around the world to commit to stop this potential ransomware pandemic. In the face of the continued evolution of cyber threats on a global scale, the secure and swift exchange of actionable information will be fundamental to locating evidence, suspects and victims in multiple jurisdictions simultaneously.

Cybercrime investigation involves challenges that are not typical to “real world” investigations, however. For example, it is difficult for law enforcement to know first-hand that an attack has occurred, and even then, reporting rates are low. In the UK, only 1.7% of estimated total offences were referred to authorities in the 12 months to 30 September 2020. This underreporting problem limits law enforcement’s ability to accurately assess threats and effectively respond to them. This can cause cybercrime to fall down the priority list within many law enforcement agencies worldwide, which further exacerbates the situation.

Investigating cybercrime also requires specific skills and technology that are not universally available such as malware profiling, darknet tracing and cryptocurrency analysis. The gaps left in law enforcement cyber capability or regional capacity as a result can enable online criminal networks and activities to slip through the net.

Moving out of the comfort zone

Recognizing these challenges, the global law enforcement community has been making efforts to be open and inclusive. In 2019, for example, INTERPOL’s General Assembly endorsed Gateway, a legal framework that enables INTERPOL to share information with certain private sector companies.

These partners have a clear view on cyber threats on a global scale coming from different sectors. INTERPOL is therefore able to receive up-to-date cybercrime data from them, as well as tapping their expertise on recent trends and gaining technical assistance. Endorsing such partnerships is a departure for law enforcement, demonstrating its willingness to accept institutional and technological innovation in order to tackle cybercrime.

Among the various ways to collaborate with these partners, one of the most successful examples has been global public awareness campaigns on cybercrime. INTERPOL has been running these campaigns with its partners annually since 2019, reaching more than 7.5 million users across the globe each time. This year, about 90 member countries signed up for the #JustOneClick campaign.

These campaigns address the challenges global law enforcement faces in preventing a ransomware pandemic in three ways:

1) Prevention is the best cure

Stopping harm before it happens is clearly the optimal outcome in most situations. In the world of cybercrime prevention, however, mitigation or recovery measures are not always available or up-to-date. Prevention campaigns can promote cyber hygiene amongst the public and remind people that just one click can let malware into their system. Raising awareness can also boost reporting of cybercrime because the public gains a better understanding of the issue.

2) Partnerships increase effectiveness

Global awareness campaigns allow law enforcement to work with the diverse actors in the global cybersecurity ecosystem under the common goal of making cyberspace safer. This strategic alignment leads to effective collaboration and active participation in sharing prevention tips with the public. We have found that some law enforcement organizations even voluntarily translate our prevention campaign strategies for their local communities.

3) Cross-collaboration builds public trust

Throughout these campaigns, cross-sector collaborations are visible to the public. This boosts these relationships and helps build trust. Public recognition of mutual efforts was identified as a key element of a successful partnership by the World Economic Forum’s Partnership Against Cybercrime Insight Report. The synergies that the World Economic Forum and INTERPOL are creating together further induce trust between the public and private sectors in a neutral environment.

Taking the next step

Cybercrime poses a formidable challenge to security worldwide and inhibits the potential of digital economies. Greater participation by the international community in building the global response to cybercrime will help overcome these issues.

A proactive prevention culture must be instilled in every organization, regardless of location or size. Further investment in raising awareness of cybercrime risks, mitigation strategies and enhancing cyber hygiene will also maximize downstream preventive benefits.

For law enforcement, digitalization has brought an opportunity to be inclusive and open, collaborating beyond national borders and sectors. And while awareness-raising and prevention efforts have made great progress in this area, challenges remain, including underreporting and gaps in cyber capability and capacity. A multi-stakeholder approach would also help to address these issues.