On 23 November, the prestigious All India Institute of Medical Sciences (AIIMS), New Delhi, issued a statement saying that the National Informatics Centre’s (NIC) Hospital server in use was down, due to which outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment system, etc., were affected and all those services were running in manual mode. The NIC also informed that a ransomware attack had affected the hospital server.
Ransomware, which primarily centres on extorting financial resources by encrypting and blocking networks and then seeking ransom from the targets to decrypt them, has become a major cybercrime faced by governments, institutes, business houses and individuals alike.
From thrill seekers and individuals trying to make a fast buck, it has transformed into a very sophisticated form in which criminal syndicates and terrorist groups seek hefty sums through cryptocurrency-based payments.
Global Rise In Ransomware Crimes
The emergence of Ransomware-as-a-Service (RaaS) gangs has become a force multiplier. This year, more than 25 known cases of major ransomware attacks have been reported in which ransoms running into billions have been demanded, and many victims have negotiated and paid to avoid business and reputational loss. The transnational angle of these crimes and casual cooperation among law enforcement bodies add to the complexity of trying to nab the gangs.
It has been observed recently that ransomware attacks on healthcare organisations and hospitals have increased significantly since the pandemic period. At the beginning of October this year, CommonSpirit Health, ranked as the fourth-largest health system in the US with more than 140 hospitals, was hit with a major ransomware attack.
In a report published in July this year by Sophos, based on engaging 391 medical organisations, 65% of the hospitals were attacked with ransomware in 2021 compared to 34% in 2020, and 61% of those attacks had succeeded in encrypting data.
A Compromised Healthcare Cyber Security
Medical and health systems are regarded as Critical Information Infrastructures (CII) in most countries because healthcare organisations are critically dependent on access to data, including patient records, to maintain their operations, and they are regularly targeted by ransomware attacks.
Access to patients’ data at all times is critical for the medical community to ensure proper and timely treatment. Further, patients’ data also carry a privacy angle, and often these data are found on the dark web for sale and manipulation.
While most nations have their CII protection policy in place to deal with such attacks, most of these attacks have a transnational character and criminal syndicates run them from safe havens. Thus, national laws with criminal provisions and penalties fail to nab the actual perpetrators of these crimes.
Often such tactics of ransomware are used by rogue nations to impact networks in nations across the world. Thus, international cooperation is crucial to address ransomware pursuits.
QUAD’s Strategy To Tackle Ransomware Threats
On the sidelines of the UN General Assembly session in New York, the four Quadrilateral Security Dialogue (QUAD) foreign ministers met on 23 September and deliberated on the approach to tackling ransomware, thus taking forward the discussion at their meeting in February in Melbourne. The joint statement issued after this meeting clearly touched not only on ransomware and other cyber threats but also on the protection of CIIs and on addressing them through a multi-stakeholder approach.
Likewise, the US-led Counter Ransomware Initiative (CRI) of 36 countries, in its meeting in October 2021, highlighted all aspects of the ransomware threat ecosystem and pushed for cooperation on technical aspects and law enforcement to build resilience, on diplomacy, and on countering illicit financing, crypto and related payment systems.
Possibly, the QUAD is a better organised group that can really set the tone for cooperation in combating cybercrimes and, more specifically, ransomware. Much of the low-hanging fruit, like Computer Emergency Response Team (CERT)-to-CERT cooperation in incident sharing, is already happening. However, many challenges remain that can be best addressed by the group.
How Can Transnational Co-Operation Combat Cybercrimes
First is the issue of correct attribution. Even the UN Group of Governmental Experts (GGE) in its 2021 report has identified that attribution is a complex undertaking and that a broad range of technical, legal, and political factors should be considered before establishing the source of an Information Communication Technology (ICT) incident.
The QUAD could take the lead in setting up a Standard Operating Procedure (SOP) for attribution, which should also include joint Research & Development (R&D) efforts in network traffic analysis. Secondly, a regime should be fostered that ensures nations meet their international obligations regarding wrongful acts attributable to them under international law, do not use proxies to commit internationally wrongful acts using ICTs, and ensure that their territory is not used by non-state actors to commit such acts.
As the ministers highlighted in their statement, denying safe haven to ransomware actors in the region and assisting partners across the Indo-Pacific to follow the same will be a good first step. Thirdly, the leaps in technology need much closer cooperation with the industry ecosystem that offers newer vistas of technology enablement as well as threat analysis.
To start with, a common ransomware assessment checklist could be prepared and circulated across organisations and industries based on the groundwork by the member country CERTs. They would be backed by law-enforcement cooperation on the ground so that joint investigations are carried out, cryptocurrency payments are tracked and ring leaders nabbed. Meanwhile, servers and networks need to be better equipped with the latest cyber security tools.
(Subimal Bhattacharjee is a commentator on cyber and security issues around Northeast India. He can be reached @subimal on Twitter. This is an opinion piece and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)