By Zachary Thoreson, Cybersecurity Threat Intelligence Analyst, Global Cyber Security Team, AES
The threat landscape for ransomware is constantly changing with evolving variants and the seemingly endless game of Whack-a-Mole with digital crime gangs. With the Ransomware-as-a-Service (RaaS) model becoming more popular, ransomware gangs provide a cut of the profit to individuals able to infect organizations with ransomware and generate payment. The motivation behind the attacks continue to remain financially driven resulting in the attacks being purely opportunistic with plenty of profit to be shared with an average payout around $170,000 per attack[i]. In an analysis by Chainalysis, ransomware attacks amassed a total of $406 million in 2020 and are on pace to further increase in 2021[ii]. As ransomware gangs become more ambitious in their targeting, they have drawn the increased attention of governments around the world.
Flying too close to the sun
While profits soar, the greed may result in the downfall of some ransomware groups. In early May, as was widely reported, the DarkSide criminal organization leveraged a compromised account to access and deploy ransomware to the Colonial Pipeline’s computer networks. The attack brought the critical fuel pipeline to a halt for days resulting in fuel shortages and consumer panic. However, the attack gained a large amount of unwanted attention for the group. As a result, DarkSide released a statement stating the affiliate program is closed and that the group would no longer be operating[iii]. The unwanted publicity to ransomware activity also resulted in a major Russian-language cyber criminal forum, XSS, to ban ransomware related commerce on its website[iv]. It is apparent that the attack resulted in much more attention than the group realized or wanted.
At the same time another ransomware gang, Conti, paralyzed Ireland’s Health Service in a ransomware attack against critical IT infrastructure. The gang provided the Health Service a decryption key, but still holds the compromised data for ransom[v]. Conti and DarkSide both have broken unspoken rules within the underground community of not attacking high profile infrastructure or healthcare entities – moves that will bring a large amount of attention to ransomware activity.
Authorities push back
The US Department of Justice was able recover a portion of the $4.4 million dollar ransomware payment made to DarkSide. The newly established Ransomware and Digital Extortion task force was able to obtain the decryption key of the cryptocurrency account holding the ransom funds, a rare victory in the fight against ransomware gangs. In addition, increased pressure has been placed on the Biden administration ahead of the Geneva summit to confront Russian president Vladimir Putin regarding the haven Russia has created for ransomware gangs[vi]. The UK government has also urged organizations affected not to pay ransoms citing no guarantee for a successful outcome and lack of protection in the future[vii].
What’s next?
Until there is a robust ability to intercept funds traveling cryptocurrency exchanges, more international effort in arresting ransomware gangs and support from agencies in incident response and remediation need to occur. If these principles are not established, ransomware attacks will continue to be profitable. Thwarting ransomware gangs will take an international effort from organizations and authorities alike.
In the meantime, organizations should continue to adhere to cybersecurity best practices. Leveraging multi-factor authentication, strong password practices, and ensuring timely patch management cycles all help increase resiliency to ransomware attacks. Limiting the external attack surface area is vital in preventing a compromise. The Charter of Trust continues to promote security awareness and facilitate information sharing of trends and practices to improve cybersecurity posture internationally.
____________________
References:
[i] https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year.aspx
[ii] https://www.coindesk.com/ransomware-attacks-are-growing-more-profitable-chainalysis-says
[iii] https://www.nytimes.com/2021/05/14/business/darkside-pipeline-hack.html
[iv] https://threatpost.com/darkside-toshiba-xss-bans-ransomware/166210/
[v] https://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/
[vi] https://www.cnn.com/2021/06/07/politics/president-joe-biden-cyber-attacks-russia-putin-trump-economy/index.html
[vii] https://www.globalreinsurance.com/ransomware-dont-pay-urges-uk-government/1437486.article
PREVIOUS POST
Nordic Cyber Summit 2024
NEXT POST
New Chairwoman for the Global External Engagement Group
You may also like
External Engagement
New Chairwoman for the Global External Engagement Group
The Charter of Trust is proud to announce María del Pino González-Junco, Cybersecurity Alliances Manager at Siemens, as the new Chairwoman of the Global External Engagement Working Group. Her appointment marks a significant step forward in our shared mission to advance cybersecurity through strong international collaboration.
Pino’s election follows a dynamic Collaboration Week in Denmark, where Charter of Trust partners from around the world came together to align on strategy, strengthen partnerships, and reaffirm our commitment to a secure digital future. As a longstanding leader within the advocacy workstream, Pino has been instrumental in fostering open dialogue with key external stakeholders and promoting cybersecurity awareness across industries and institutions.
“A reliable digital world can only thrive if public and private institutions build trust and cyber-resilience together, share their expertise, and support society in this digital journey. Those are our goals at the Charter of Trust,” says Pino.
She takes over the role from Sumit Chanda, COO/CISO at Atos, who has guided the working group with vision and energy. We are pleased to share that Dr Chanda has since been elected Co-Chair of the Charter of Trust by the Board of Directors in February—ensuring his continued impact on the initiative’s strategic direction.
We extend our sincere thanks to Sumit for his outstanding leadership and warmly congratulate Pino on her new role.
Pino’s election follows a dynamic Collaboration Week in Denmark, where Charter of Trust partners from around the world came together to align on strategy, strengthen partnerships, and reaffirm our commitment to a secure digital future. As a longstanding leader within the advocacy workstream, Pino has been instrumental in fostering open dialogue with key external stakeholders and promoting cybersecurity awareness across industries and institutions.
“A reliable digital world can only thrive if public and private institutions build trust and cyber-resilience together, share their expertise, and support society in this digital journey. Those are our goals at the Charter of Trust,” says Pino.
She takes over the role from Sumit Chanda, COO/CISO at Atos, who has guided the working group with vision and energy. We are pleased to share that Dr Chanda has since been elected Co-Chair of the Charter of Trust by the Board of Directors in February—ensuring his continued impact on the initiative’s strategic direction.
We extend our sincere thanks to Sumit for his outstanding leadership and warmly congratulate Pino on her new role.
Read more
April 24, 2025
•
General announcements
Charter of Trust elects new co-chairs of the Board of Directors
We are honoured to announce that Dr. Ralf Schneider, Senior Fellow and Head of Cybersecurity and NextGenIT Think Tank at Allianz and Dr. Sumit Chanda, Chief Operating Officer at Atos Group Security have been elected as new co-chairs of the Charter of Trust during our last Board of Directors meeting in Munich.
The Partners and Associated Partners thanked Natalia Oropeza, Global Chief Cybersecurity Officer at Siemens, for her engagement and steady leadership during her term as Chairwoman. In her tenure, the Charter of Trust underwent important internal and external changes. What first stands out is the smooth integration of the four working groups, which made the Charter of Trust more agile, leaner and more efficient. It is also safe to say that the alliance has never had such a high level of exposure externally, due to the Charter of Trust partners continuous dedication to the mission of the alliance.
In the spirit of industry collaboration, Natalia Oropeza expressed her support to our new Co-Chairs and said how “incredibly proud of what we have achieved together, welcoming new partners, strengthening our structure, and elevating the Charter of Trust's impact on the global cybersecurity landscape. Collaboration has been at the heart of our success, and I am confident that Dr. Sumit Chanda and Dr. Ralf Schneider as Co-Chairs, the Charter will continue to drive meaningful progress towards a more secure digital world."
For the first time in its history, the Charter of Trust will be co-chaired. Dr. Ralf Schneider from Allianz and Dr. Sumit Chanda from Atos who have decades of experience in the world of cybersecurity and have been active within the alliance for several years now. Both unite an intrinsic motivation to foster inter- and intra-sector collaboration as well as the continuous sharing of knowledge between the Partners and Associated Partners of the Charter of Trust.
For the next year the co-chairs aim to amplify the number of Partners and Associated Partners. This growth, however, should still preserve the unique features of the Charter of Trust as a large practitioner organization with member from all over the world. Expanding into new sectors and new countries is a key target for the new leadership team, so that the Alliance can continue to engage with stakeholders at the highest level.
Dr. Sumit Chanda underlined that “The Charter of Trust’s role is to promote a safe and trusted digital work. Its unique partnership blend of large organisations, working across 190 countries, and across several sectors, has enabled it to make significant progress under the leadership of Mrs. Natalia Oropeza. I would like to thank her for these great achievements. Along with Dr. Ralf Schneider from Allianz, we welcome the opportunity to build on her work as the Co-Chairs of Charter of Trust.”
Ralf Schneider added that “In dynamic times with more risks, more uncertainty, and more unknowns, we as the Charter of Trust step up – to provide stability, promote reliability, and foster trust. This is our mission today and tomorrow.”.
The Partners and Associated Partners thanked Natalia Oropeza, Global Chief Cybersecurity Officer at Siemens, for her engagement and steady leadership during her term as Chairwoman. In her tenure, the Charter of Trust underwent important internal and external changes. What first stands out is the smooth integration of the four working groups, which made the Charter of Trust more agile, leaner and more efficient. It is also safe to say that the alliance has never had such a high level of exposure externally, due to the Charter of Trust partners continuous dedication to the mission of the alliance.
In the spirit of industry collaboration, Natalia Oropeza expressed her support to our new Co-Chairs and said how “incredibly proud of what we have achieved together, welcoming new partners, strengthening our structure, and elevating the Charter of Trust's impact on the global cybersecurity landscape. Collaboration has been at the heart of our success, and I am confident that Dr. Sumit Chanda and Dr. Ralf Schneider as Co-Chairs, the Charter will continue to drive meaningful progress towards a more secure digital world."
For the first time in its history, the Charter of Trust will be co-chaired. Dr. Ralf Schneider from Allianz and Dr. Sumit Chanda from Atos who have decades of experience in the world of cybersecurity and have been active within the alliance for several years now. Both unite an intrinsic motivation to foster inter- and intra-sector collaboration as well as the continuous sharing of knowledge between the Partners and Associated Partners of the Charter of Trust.
For the next year the co-chairs aim to amplify the number of Partners and Associated Partners. This growth, however, should still preserve the unique features of the Charter of Trust as a large practitioner organization with member from all over the world. Expanding into new sectors and new countries is a key target for the new leadership team, so that the Alliance can continue to engage with stakeholders at the highest level.
Dr. Sumit Chanda underlined that “The Charter of Trust’s role is to promote a safe and trusted digital work. Its unique partnership blend of large organisations, working across 190 countries, and across several sectors, has enabled it to make significant progress under the leadership of Mrs. Natalia Oropeza. I would like to thank her for these great achievements. Along with Dr. Ralf Schneider from Allianz, we welcome the opportunity to build on her work as the Co-Chairs of Charter of Trust.”
Ralf Schneider added that “In dynamic times with more risks, more uncertainty, and more unknowns, we as the Charter of Trust step up – to provide stability, promote reliability, and foster trust. This is our mission today and tomorrow.”.
Read more
February 12, 2025
•
External Engagement
Charter of Trust Board of Directors Meeting 2025
The Charter of Trust has kicked off its most pivotal week of the year with a high-level meeting of its Board of Directors in Munich. This influential gathering brought together key decision-makers to reflect on the past year’s successes and set the strategic direction for the future of global cybersecurity.
Under the leadership of Chairwoman Natalia Oropeza, the Charter of Trust has strengthened its internal structure, successfully integrating new Partners and Associated Partners while enhancing collaboration through four dedicated working groups. Externally, the alliance has made a significant impact, engaging global audiences through media, conferences, panel discussions, and key industry events.
Looking ahead to 2025, the Charter of Trust enters a new chapter with a co-chair leadership model. Dr. Sumit Chanda, Global CISO at Eviden, and Ralf Schneider, Head of Cybersecurity at Allianz, will take the helm, bringing a dynamic vision focused on building resilient ecosystems, harmonizing frameworks, and advancing cybersecurity education.
A special thank you to Benedikt Franke, Vice-Chairman & CEO of the Munich Security Conference (MSC), for his insightful keynote on the evolving cyber threat landscape and the vital role the Charter of Trust plays in shaping global cybersecurity solutions.
With a bold vision for 2025, the Charter of Trust continues to drive innovation, collaboration, and trust in the digital world.
Under the leadership of Chairwoman Natalia Oropeza, the Charter of Trust has strengthened its internal structure, successfully integrating new Partners and Associated Partners while enhancing collaboration through four dedicated working groups. Externally, the alliance has made a significant impact, engaging global audiences through media, conferences, panel discussions, and key industry events.
Looking ahead to 2025, the Charter of Trust enters a new chapter with a co-chair leadership model. Dr. Sumit Chanda, Global CISO at Eviden, and Ralf Schneider, Head of Cybersecurity at Allianz, will take the helm, bringing a dynamic vision focused on building resilient ecosystems, harmonizing frameworks, and advancing cybersecurity education.
A special thank you to Benedikt Franke, Vice-Chairman & CEO of the Munich Security Conference (MSC), for his insightful keynote on the evolving cyber threat landscape and the vital role the Charter of Trust plays in shaping global cybersecurity solutions.
With a bold vision for 2025, the Charter of Trust continues to drive innovation, collaboration, and trust in the digital world.
Read more
February 12, 2025
•
