What will happen when authorities will forbid paying ransom?

In 2020, ransomware attacks will take aim at public infrastructure.

Transportation systems and water treatment plants will be targeted by ransomware – and the attacks could have deadly consequences.

In 2019, an increasing number of government agencies, public and financial institutions and electricity companies – all critical parts of daily life – suffered IT system shutdowns as a result of ransomware attacks. These organisations often paid ransoms to recover their operations and restore damaged data. Professionals in the field estimate that in 2019 the direct damage from ransomware attacks exceeded $12 billion. The actual ransom money paid was higher than $5 billion (£3.7bn).

Many victims of ransomware attacks in the US sought government assistance, but the FBI had to turn down most of them. The bureau and other cybersecurity officials have stood helpless, unable to confront what has become what has become a global epidemic. In 2020, we will start to reckon with the reality of cyber-crime on a global scale.

Like terror, whether domestic or foreign, cybercrimes will increase the sense of insecurity for people in 2020. Many basic services around homes and workplaces will no longer be reliable. Living with the fear of terrorism also means that people will resort to psychological denial in order to seek peace of mind.

Cyber-awareness campaigns, some supported by government funds, will fail to contain the epidemic. The simplest phishing email will remain the most common entry point of cybercriminals into an organisation’s IT system. In 2020, insurers will reconsider their cyber-insurance policies, especially as they first identified this threat two decades ago. They have been unable to develop a sustainable and profitable business model for risk assessment.

In an attempt to address people’s concerns, with hardly any professional and inter-agency preliminary work, governments will pursue swift legislation to forbid paying ransom to cybercriminals. But this legislation will turn thousands of law-abiding citizens into criminals when law enforcement officials find that they are unable to offer support or a cure for those who suffer cyberattacks.

Cyber criminals will move accordingly. In the coming months they will be able to target civic infrastructure that can put human life at risk if it is compromised. This will include targeting transportation systems and water treatment plants. Hundreds of millions of US dollars will be transferred in Bitcoin to cyber-criminals – all in accordance with the law.

In 2020, we will see increased efforts by cyber criminals to prey on the wealth of the western world. Equating cyber-criminals to terrorists will become more popular as the stakes become higher. Addressing this threat will require more than simplistic legislation. It will require mobilising tremendous government resources towards securing critical infrastructures, as well as adopting a dynamic national strategy. In 2020, we will reckon with the power of cyber crime.

Moty Cristal

Cyber-crisis negotiator and CEO of NEST Negotiation Strategies