The cruel march of ransomware[1] has apparently reached a grim new milestone. In Germany, authorities are investigating the death of a patient during a ransomware attack on a hospital; according to reports[2], the woman, who needed urgent medical care, died after being re-routed to a hospital further away, as a nearer hospital was in the midst of dealing with a ransomware attack.
Elsewhere ransomware continues to create painful, if less tragic, disruptions. The UK's cybersecurity agency has just warned that ransomware groups are launching 'reprehensible' attacks[3] against universities as the new academic year starts. On a daily basis, companies large and small are finding their business disrupted when they can least afford to have computer systems failing.
And yet, there seems to be a sense in some quarters that ransomware is simply an inevitable consequence of our digital age. That it is something that we just have to learn to accept.
In reality, ransomware exists because of a series of failures. While apparently unrelated, they combine to create the conditions under which ransomware can flourish and become one of the biggest menaces on the internet today. If we want to stop the next decade becoming the decade of ransomware, we need to make some significant changes.
Policing versus politics
Many of these gangs operate from countries where their behaviour is either not considered criminal, or overlooked by authorities (so long as they don't attack local companies), or even actively welcomed as a source of new funds. That means treating ransomware as a simple law-enforcement issue is never likely to fix the problem: these states will never hand over these gangs to outside justice. This makes ransomware a political issue as much as a problem for police. Politicians should make clear