Rising Ransomware Attacks Across Globe: UN Seeks New Cyber Discussions

Even as governments respond to an increasing number of ransomware attacks around the world, the future of United Nations-led attempts to develop norms surrounding how states should behave in cyberspace is unclear, according to various academics and experts.

In March, member nations of the United Nations met in a cyber discussion group to agree on a set of “norms,” or nonbinding rules, which includes a restriction on targeting vital infrastructure in other countries. Russia and France, however, proposed two competing groups to replace that forum, which was scheduled to end this year, according to a report by Wall Street Journal.

Creating Cyber Crime Norms A Long Shot

Stefan Soesanto, a senior researcher at the ETH Zurich university’s Center for Security Studies, said, “There is total confusion as to where the next step is and what this process leads us to.”

According to Moliehi Makumane, a consultant on cyber issues for the United Nations Institute for Disarmament Research, speaking at an online conference hosted by the magazine Foreign Policy on Thursday, there is no formal way for United Nations members to enforce nonbinding principles, and creating one will take a long time. “I don’t see member nations of the United Nations surrendering that power,” she added.

High-profile ransomware attacks this year on Colonial Pipeline, meat processor JBS SA, and Ireland’s public healthcare system drew widespread notice. As a result, the US administration required government agencies and software vendors to implement baseline security requirements like multifactor authentication and encryption, as well as launching several efforts to protect vital infrastructure from cyberattacks.

The US sanctioned a Russian cryptocurrency exchange last week for processing ransomware payments connected to at least eight different ransomware strains.

Clear Rules In Cyberspace Need Of The Hour

US President Joe Biden also addressed the United States General Assembly last week and said that we are “hardening our vital infrastructure against cyberattacks, disrupting ransomware networks, and working to create clear rules of the road for all nations in cyberspace.”

According to Dapo Akande, a professor of public international law at the University of Oxford, ransomware attacks violate international law if a government aids or permits hackers to attack another country. In the coming weeks, Akande and a group of legal experts from several nations will release a declaration detailing how ransomware breaches international law.

However, coordinating cybercrime responses across borders can be difficult. Heli Tiirmaa-Klaar, Estonia’s ambassador-at-large for cyber issues, believes that law enforcement agencies should work together more effectively to investigate and prosecute hackers who operate outside of their borders.

“Every country’s cyber specialists are overworked, and the burden is growing,” she added.