Americans queuing up to fill gas canisters as a major pipeline was taken down. An entire nation unable to carry out blood tests for health emergencies after Ireland was targeted by hackers. Barely a week goes by without crisis incidents of computer networks penetrated by criminals, and yet the world appears immobilised on tackling the problem.
Ransomware attacks are big business. They are conducted at low cost and for high reward. Companies and countries hand over tens of millions of dollars regularly for the return of their systems. The pressure is all on one side, forcing the victims to pay up.
Policy options are few. When the World Economic Forum issued a policy paper on the issue in the oil and gas industry recently, it urged operators to put cyber resilience at the heart of the business. The 10-point plan in the report was heavy on resilience in the face of the threat, demanded clarity on the firm’s risk appetite, and made clear the importance of internal reporting and accountability.
Policymakers have so far failed to provide an overarching response to stop the ransomware blitz in the first place.
Experts are examining the importance of cryptocurrencies in the transactions. Pressure for a ban or, at least, a new effort to regulate cryptocurrencies is inevitably going to grow. There is a strong logic behind this, but the signs are governments are going to try every other option before honing in on the most effective one.
The scale of digital payments to unlock frozen systems or return access to data is only growing. The US firm CNA Financial revealed last week it paid $40 million to unlock its data from a ransomware variant of Hades, the malware created by the Russian hackers Evil Corp. The clue to the predicament is so often in the name.
Colonial Pipeline confirmed it paid $4.4m to the hackers DarkSide. An analysis of the bitcoin wallet found it had been paid – presumably from all attacks – a total of $17m since March, according to the specialist experts at Elliptic.
The average payment for ransom attacks was $312,493 in 2020, an increase of 171 per cent on the previous year.
The Irish government has been adamant that it is not going to pay the $20m demand. Its healthcare services – from treatments to blood tests – have been down for a week. Patient and staff payroll data was stolen and there is an expectation this will be sold on the dark web. The plight of people unable to access care appears to have forced the hand of the hackers. A decryption key was provided and the government has stressed no payment was made for this. However, these keys are often partial solutions and not all encryption can be unwound in one go.
The insurance industry has started to sound the alarm on the trend. According to Swiss Re chief executive Christian Mumenthaler, there is a lack of appreciation that, while ransom payments can still be seen in the context of $5.5 billion premiums from cyber insurance policies, the overall fraud in the sector is hundreds of billions a year globally.
The French insurer Axa, meanwhile, was hit by a ransomware attack when it said it would no longer pay out on its policies to cover ransoms. Its Thailand and Hong Kong offices were targeted.
Ireland's health system has been targeted by hackers in two sophisticated ransomware attacks. Reuters.
What is puzzling is that governments have a well-developed set of policies on piracy, kidnapping and ransom but so far not cyber.
The US State Department has estimated that, while many kidnappings in places such as the Sahel are reported as political, up to 80 per cent are carried out by criminals seeking a financial gain. The US Treasury has imposed sanctions on hackers. For example, 17 individuals and six entities linked to Evil Corp were targeted with penalties in December 2019.
However, there is little consistency in the system. CNA Financial is reported to have shared intelligence about the hack, including the demands and the hackers' identity, with Treasury and FBI agents.
Cyber-currencies make ransoms too easy to store and hold
On the other hand, Colonial Pipeline appears to have frozen out the authorities as it moved to restore its control over its system. There are arguments for victims to face a legal obligation to notify and declare all ransom payments so that the issue no longer resides in the shadows. Counter-arguments have been made that this further penalises the victim.
The dark world of ransom payments could also be targeted through mainstream banks and the international financial system. An extension of the "know your customer" requirement on financial institutions has been effective in reducing payments and donations to terror groups.
Dominic Raab, the British Foreign Secretary, used a keynote speech recently to position capabilities to fight cyber attacks – he put the number of compromised organisations in the US at 30,000 and in the UK at 3,000 – as a key strategic asset in the international system. Fighting the "war of attrition", he warned, is going to take offensive state-level cyber capabilities.
Ultimately, the phenomenon of cyber-currencies cannot be ignored. These make ransoms too easy to store and hold.
There are parallels with the famed system of numbered bank accounts in Switzerland. Eventually, governments got together and decided that bank accounts must bear names, addresses and be subjected to checks. This is another area where the crypto boom needs reining in.
Damien McElroy is the London bureau chief at The National
Specs
Engine: Electric motor generating 54.2kWh (Cooper SE and Aceman SE), 64.6kW (Countryman All4 SE)
Power: 218hp (Cooper and Aceman), 313hp (Countryman)
Torque: 330Nm (Cooper and Aceman), 494Nm (Countryman)
On sale: Now
Price: From Dh158,000 (Cooper), Dh168,000 (Aceman), Dh190,000 (Countryman)
Martial status: Married with three children - aged 8, 6 and 2
Education: Masters of arts in cultural communication and tourism
Favourite movie: Captain Corelli’s Mandolin
Favourite hobbies: Art and horseback ridding
Occupation: Communication specialist at a government agency and the owner of Atelier
Favourite cuisine: Definitely Emirati - harees is my favourite dish
German plea
Ukrainian President Volodymyr Zelenskyy told the German parliament that. Russia had erected a new wall across Europe.
"It's not a Berlin Wall -- it is a Wall in central Europe between freedom and bondage and this Wall is growing bigger with every bomb" dropped on Ukraine, Zelenskyy told MPs.
Mr Zelenskyy was applauded by MPs in the Bundestag as he addressed Chancellor Olaf Scholz directly.
"Dear Mr Scholz, tear down this Wall," he said, evoking US President Ronald Reagan's 1987 appeal to Soviet leader Mikhail Gorbachev at Berlin's Brandenburg Gate.
The flights Emirates flies to Delhi with fares starting from around Dh760 return, while Etihad fares cost about Dh783 return. From Delhi, there are connecting flights to Lucknow. Where to stay
It is advisable to stay in Lucknow and make a day trip to Kannauj. A stay at the Lebua Lucknow hotel, a traditional Lucknowi mansion, is recommended. Prices start from Dh300 per night (excluding taxes).
Funders: Wamda Capital, Modern Electronics (part of Al Falaisah Group) and North Base Media
Our legal consultant
Name: Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
England squad
Joe Root (captain), Alastair Cook, Keaton Jennings, Gary Ballance, Jonny Bairstow (wicketkeeper), Ben Stokes (vice-captain), Moeen Ali, Liam Dawson, Toby Roland-Jones, Stuart Broad, Mark Wood, James Anderson.
Results
5pm: Wadi Nagab – Maiden (PA) Dh80,000 (Turf) 1,200m; Winner: Al Falaq, Antonio Fresu (jockey), Ahmed Al Shemaili (trainer)
5.30pm: Wadi Sidr – Handicap (PA) Dh80,000 (T) 1,200m; Winner: AF Majalis, Tadhg O’Shea, Ernst Oertel
6pm: Wathba Stallions Cup – Handicap (PA) Dh70,000 (T) 2,200m; Winner: AF Fakhama, Fernando Jara, Mohamed Daggash
6.30pm: Wadi Shees – Handicap (PA) Dh80,000 (T) 2,200m; Winner: Mutaqadim, Antonio Fresu, Ibrahim Al Hadhrami
7pm: Arabian Triple Crown Round-1 – Listed (PA) Dh230,000 (T) 1,600m; Winner: Bahar Muscat, Antonio Fresu, Ibrahim Al Hadhrami
7.30pm: Wadi Tayyibah – Maiden (TB) Dh80,000 (T) 1,600m; Winner: Poster Paint, Patrick Cosgrave, Bhupat Seemar
The figures behind the event
1) More than 300 in-house cleaning crew
2) 165 staff assigned to sanitise public areas throughout the show
3) 1,000 social distancing stickers
4) 809 hand sanitiser dispensers placed throughout the venue
How much do leading UAE’s UK curriculum schools charge for Year 6?
Nord Anglia International School (Dubai) – Dh85,032
Kings School Al Barsha (Dubai) – Dh71,905
Brighton College Abu Dhabi - Dh68,560
Jumeirah English Speaking School (Dubai) – Dh59,728
Gems Wellington International School – Dubai Branch – Dh58,488
The British School Al Khubairat (Abu Dhabi) - Dh54,170
Dubai English Speaking School – Dh51,269
*Annual tuition fees covering the 2024/2025 academic year
Countries offering golden visas
UK Innovator Founder Visa is aimed at those who can demonstrate relevant experience in business and sufficient investment funds to set up and scale up a new business in the UK. It offers permanent residence after three years.
Germany Investing or establishing a business in Germany offers you a residence permit, which eventually leads to citizenship. The investment must meet an economic need and you have to have lived in Germany for five years to become a citizen.
Italy The scheme is designed for foreign investors committed to making a significant contribution to the economy. Requires a minimum investment of €250,000 which can rise to €2 million.
Switzerland Residence Programme offers residence to applicants and their families through economic contributions. The applicant must agree to pay an annual lump sum in tax.
Canada Start-Up Visa Programme allows foreign entrepreneurs the opportunity to create a business in Canada and apply for permanent residence.
MATCH INFO
Uefa Champions League quarter-final, second leg (first-leg score):
Manchester City (0) v Tottenham Hotspur (1), Wednesday, 11pm UAE
