Comment In some ways, the ransomware landscape in 2023 remained unchanged from the way it looked in previous years.
AlphV/BlackCat might have squirmed their way out of authorities' clutches for now, but the action from national security agencies this year has given the industry reasons to be cheerful after a barren year for good news on this front.
2022 saw a rare drop in ransomware attacks but it was short-lived and still plagued by major incidents, even if there weren't quite as many of them.
The group ravaged organizations and governments for years before splitting off into smaller cells.
For years, various agencies repeated renditions of 'ransomware can no longer be tolerated', but the disruptions from the past 12 months feel like genuine steps in the right direction.
The industry needs governments to insert themselves into the crisis and take decisive action to stop ransomware from becoming even more out of hand than it already is.
It was arguably the scummiest of all the ransomware groups in 2023.
In the space of 12 months, its leaders - believed to be based in Russia - signed off on some of the worst acts ever seen in ransomware, including the leaking of breast cancer patients' nudes.
If the authorities are serious about disrupting ransomware for good, and ensuring criminals like those behind the worst operations are left without a job, then the approach must change.
Governments will have crucial roles in the fight against ransomware.
Industry will no doubt pray that 2024 will be the year in which state influence finally exerts itself into cybercrime in the way it needs to.
Law enforcement is doing a solid job at disrupting ransomware within its powers, and cybersecurity awareness in organizations is increasing gradually to mitigate the threat.
The next step in the fight against ransomware must come from the legislature.
2024 can and should be the year that's remembered not just for the biggest takedowns, but for the impactful policy decisions that help quell the threat for good.
There are a few schools of thought when it comes to combating ransomware through legislation, the most prominent of which is to ban ransom payments entirely, both from the public and private sectors.
Politicians have wrestled with implementing a ransom ban for years, but have taken no serious steps to introduce one.
The closest we've come on a global scale is with the International Counter Ransomware Initiative's pledge to refuse ransom payments, but without any private sector implications, it means fairly little.
The organizations hit with ransomware in the first months, years, or however long it takes for ransomware gangs to abandon their craft, after such a law's enactment will have their futures jeopardized.
What we have seen in the past year though is Western governments' willingness to keep fighting and refusal to back down against the threat.
The concrete action of LE in 2023 not only delivers admirable disruption to cybercrime but serves as a constant reminder that ransomware will never be accepted, even though it has become somewhat normalized.
This Cyber News was published on go.theregister.com. Publication date: Thu, 04 Jan 2024 12:13:06 +0000