The Fraud Examiner

High-Profile Ransomware Attacks Pushing Companies and Governments to the Brink

Mason Wilder, CFE
Senior Research Specialist, Association of Certified Fraud Examiners                                 

Ransomware is not a new threat. Cybersecurity professionals have been identifying and combatting widespread ransomware campaigns for at least a decade. These acts of cybercrime have evolved, with the help of their perpetrators, to the point that cyber insurance providers began folding amid major losses and difficulty establishing viable premiums, and the U.S. government took a drastic step that could prove to be a watershed moment in cyberfraud.

Upon reading that the U.S. government would elevate ransomware investigations to the same level of priority as terrorism investigations, and then days later learning that the U.S. Department of Justice (DOJ) claimed to have seized a majority of the bitcoin recently paid as a ransom by Colonial Pipeline, it reminded me of a watershed moment that affected my previous career in risk management.

A different kind of ransom

I used to work at a company that specialized in international crisis response and our primary client was an insurance company that sold kidnap-for-ransom and maritime piracy policies — which included response services we provided. The insurance company would call our company whenever one of its clients filed a kidnapping or piracy claim, and we would have a consultant on a plane within 12-24 hours to go manage the response to the situation. From 2005-2012, the business model of hijacking maritime vessels in the Gulf of Aden and Indian Ocean and then holding the crews and cargo for ransom was profitable for Somali pirates and responding to these hijackings with the priority of ensuring the crew’s recovery was profitable for us.

Sign In

Not a member? Click here to Join Now and access the full page.