Ransomware: A Perfect Storm

Download PDF(3MB)

Courtesy of Negro Elkha

This Emerging Insights paper by James Sullivan and James Muir analyses the ransomware threat and outlines policy options for organisations, policymakers, law enforcement and national-level cyber security agencies.

This Emerging Insights paper calls for a new set of policy interventions to reduce the threat from ransomware. Options range from introducing legislation to prevent ransom payments, to tackling the use of penetration testing tools used in ransomware attacks, to national-level mechanisms to bolster preparedness for a ransomware attack. This paper intends to be a platform for further debate on global ransomware policy choices. 

The research for this paper highlights how ransomware attacks continue to have a significant impact on businesses and organisations across the globe, resulting in high levels of cost and disruption. Using BAE Systems’s threat intelligence capability, this paper explores the methods, impact and mitigation of ransomware attacks in detail. Case studies reveal the success and popularity of ‘double extortion’ ransomware attacks which include data theft. The research also describes the range of attack vectors and exposed attack surface available to ransomware operators and reveals how different criminal ransomware operators collaborate and learn from each other. In the context of a global pandemic, the paper shows how cyber criminals continue to exploit victims and cause disruption with impunity. 

The paper underlines the complexities that businesses and governments face when deciding whether to pay a ransom following a ransomware attack. Complications include paying criminals that are subject to indictments or sanctions, the potentially questionable role of ransomware recovery negotiators, and the arguably misunderstood role of cyber insurance companies. Further research is needed to determine the true impact of these auxiliary complexities. 

Finally, the paper urgently calls for a new set of policy interventions based on the ‘Prevent, Pursue, Protect and Prepare’ approach to tackling cybercrime. In doing so, this research highlights a type of cybercrime that is spiralling out of control and requires urgent policy intervention.

Related content

Episode 20: Disrupting the Ransomware Ecosystem
clock54 Minute Listen
View onlinechevron-right


James Sullivan

Director, Cyber Research


View profile


Explore our related content