Professor David Wall from the University of Leeds welcomes what the No More Ransom project is doing because the effects of ransomware could be quite devastating.
Sputnik: How significant are these savings and essentially does this represent good news?
David Wall: It is very good news and a lot of work and effort goes into this site. I haven't done the maths to work out individually how much people are saving, but I wouldn't dispute some of the figures here - it's quite a phenomenal issue. Ransomware is one of those crimes of extortion, which preys on the fact that we now live in this world where almost all aspects of our social, economic, political, even sexual lives involve using digital and network technologies that make them run smoothly. Naturally, any interruption to that flow of information, say, through ransomware, can be devastating, as individuals or individuals as part of an organisation or business - in some cases, national infrastructure.
Sputnik: Why is ransomware so popular amongst criminals? Why is it so hard to police against?
David Wall: This has been a really fascinating one because of the obscure routes by which they get the ransomware into computers, it's not that easy to look down the telescope the wrong way and see who they are. These are new worlds for organisations like police because it's multi-jurisdiction. A lot of these names, the evidence are possibly in email transactions, [which] is how a lot of the ransomware gets onto people's computers. They're what you call socially engineered, where people are encouraged to click links to websites and this is how this stuff gets into the computer.
Sputnik: Could we see other governments invest in similar methods, schemes, and partnerships to protect against hackers?
David Wall: I think it's important to point out that No More Ransom deals with economic ransomware and what we found was happening there are other strains of ransomware, which actually don't ask for a ransom; really what they're doing is they're destroying, they are what we call wipers - they just wipe data or they make it unusable, and they have to be regarded in a very different way, because there are different sets of criminal actors. No More Ransom focuses on the economic criminals and I think they're a very good example of bringing together government agencies from a very diverse range of countries, but they also bring together the private sector as well, parts of the cybersecurity industry local governments. They are quite a good model for collaboration, cooperation.
There are a whole lot of changes going on as we speak, because ransomware has hit so many people. In British law, we have the Computer Misuse Act, which deals with the malicious software, but then we have a different body of law that deals with the actual ransom - the crime of extortion. So I mean, that's rather problematic work; are you dealing with a computer misuse issue? Or are you dealing with it as a crime of extortion, where someone's trying to extort? These both require different bodies of evidence. There's work on at the moment to try and bring it together, but at moment it's very hard to actually identify which cases are ransomware which are not, because of this problem with the different bodies of law. We need to adapt the law to these cases.
Views and opinions, expressed in the article are those of the speaker and do not necessarily reflect those of Sputnik.
