A 2021 report by cybersecurity firm Sophos found that 78% of Indian businesses were targeted by ransomware attacks, indicating a rising level of such crimes. A similar trend was observed in the Indo-Pacific region, whose countries were among those targeted by ransomware attacks in the previous year. However, these cases are not limited to private industry; they extend to sensitive targets considered critical to the national interest.
A recent ransomware attack against AIIMS, one of India’s largest public health institutions, has highlighted the danger cyberattacks pose to human lives. The attacker targeted the AIIMS server with malware that crippled it. Various services were affected, from patient registration to emergency services, impacting patients and curtailing hospital operations for several days. In addition, a large amount of personal data was leaked, including the information of important people.
Trends for 2022 suggest that the healthcare industry will be a leading target of ransomware attacks (after manufacturing). The problem is global in nature. A cyberattack targeting the tiny Pacific island nation of Vanuatu in November 2022 had a major impact on government networks and crippled services. Another large-scale ransomware attack on the Colonial Pipeline in 2020 wreaked havoc on fuel supplies in the eastern United States.
Ransomware illustrates the complexity of the cyber domain: attacks can not only cause economic loss but can also be carried out for economic, political, or military gain. As such, ransomware has emerged as a major national security threat.
Cyberspace has evolved into a regular part of national technology. Countries around the world are actively involved in cyberspace, through both state actors and sophisticated non-state groups. Their activities include not only covert cyberattacks in the form of espionage, but also disruption and exploitation for economic gain. The Snowden leaks revealed espionage operations by the United States, while China conducts large-scale cyber espionage operations for economic gain and espionage. A 2015 pact between the United States and China distinguished between espionage for national security purposes and commercial espionage.
In the case of ransomware, commercial gain can be combined with more strategic political and military goals. A series of ransomware attacks in 2017 (including WannaCry) targeted computer systems in multiple countries, including the UK’s National Health Service. In contrast to covert espionage, ransomware has tangible effects. It targets victims both psychologically and physically.
As stated by India’s IT Minister Rajeev Chandrasekhar, the AIIMS incident was a deliberate attempt by a group of state-owned organizations. Such hackers (such as Iran’s Cyber Army) are state-sponsored but may act independently. For example, in the war in Ukraine, both Russia and Ukraine called on cyber groups to join the battle. Cybercriminal groups are participating at the behest of states, further blurring the line between state and non-state actors in cyberspace.
In the case of AIIMS, the attackers threatened to leak patient records without actually demanding a ransom, demonstrating the complexity of attacks with varied motives. India has also been the victim of a cyberattack probing the energy grid, part of its critical infrastructure, a warning suspected to be the work of Chinese actors. Including an investigation into the power grid in , related to the ongoing border dispute with India.
Actions taken by states or state-sponsored hackers will become the new normal, and national strategies must take into account the threat posed by ransomware, along with other cybersecurity issues.
Given the urgency, countries are preparing a variety of postures to counter cyber threats, from diplomacy to the use of intelligence agencies and even offensive measures. The EU has developed a cyber diplomacy toolbox showing the different options available for different types of cyberattacks. This is especially important in defining the steps nation states can take to sabotage the networks of cybercriminal groups. Meanwhile, the United States has taken action against a Russian-based cyber group involved in the 2016 election disinformation campaign and its continued actions in the 2018 midterm elections. This was done under a “defensive forward strategy” to thwart the attack at its source.
Coordinated efforts are having an effect on ransomware groups. As observed in the Microsoft Defense Report 2022, ransomware attacks are declining as a result of these efforts. Multiple suspects have been arrested in coordinated actions across the US, Europe, and Asia, as illustrated by the case of Russia-based ransomware gang REvil. However, geopolitical tensions limit the level of cooperation.
In the case of AIIMS, tying the issue to China complicates the ransomware problem because of tensions between the two countries. These tensions are reflected in the response: the security race is upending previous advances in cooperation against cybercrime. These changes have prompted other states to pursue more robust resilience mechanisms to combat cyberattacks.
Establishing norms is paramount in defining the boundaries of cyberattacks. The participation of the Indo-Pacific countries (some of the countries most affected by cyberattacks) is important here.
Indo-Pacific countries are still developing their strategies, and some lack a clear roadmap for defining threats and actions. However, cyber infrastructure is fragile in much of the region, and some countries have recently moved to IT systems due to the COVID-19 pandemic. The Indo-Pacific region is largely represented by small industries and fragile economies, which impact national efforts to defend against and recover from cyberattacks.
Alignment between minilaterals can also serve as a guide. The Quad grouping of Australia, India, Japan and the United States specifically addressed the threat of ransomware to the region, especially to supply chains and economic development, calling for capacity building and sharing mechanisms across the region. The International Ransomware Initiative, led by the United States, comprises 37 states, including Indo-Pacific countries such as Singapore, Australia, and India. It aims to establish practical cooperation to mitigate the threat from criminal groups and to build norms through the new UN Cybercrime Convention.
At the national level, measures such as the US law requiring critical infrastructure companies to share information within 72 hours can be adopted. Attack reports need to be made more public, as incident reports are essential to malware analysis. Public-private partnerships such as VirusTotal can create repositories for analysis by various organizations.
However, as highlighted by the Vanuatu cyberattack, pooling resources is critical for small states. Such cooperation is occurring in the Pacific amid rising cyberattacks and requires multi-front coordination.