The Legal and Operational Response to Ransomware


Fighting ransomware takes a lot of effort from many sides, but one big challenge is that many attacks go unreported. Even though ransomware cases are rising, a lot of them stay hidden, making it harder to respond quickly and understand the full picture. The FBI’s IC3 2023 report (released in March 2024) showed 2,825 ransomware complaints, an 18% increase from 2022. To fight this growing threat, international teamwork is key. Some experts are even discussing banning ransom payments to discourage attackers.

“Banning ransomware payments could reduce transparency and discourage reporting, which is an issue the industry is already struggling with. As the organizations fear more legal trouble, they might go in the direction of handling the attacks quietly. In this case, it will be harder for law enforcement to track trends and for the cybersecurity community to share lessons. Such bans could also lower cybersecurity investment unintentionally by driving incidents underground.”

– Müzeyyen Gökçen Tapkan, Director of Data Research at Black Kite

Strong cybersecurity regulations are critical. They are already pushing organizations to adopt more robust security and incident response protocols. Reward initiatives by agencies like the U.S. DOJ and OFAC also play a key role, offering incentives for information that leads to the arrest of cybercriminals—most notably, the $10 million bounty placed on LockBit members.

Police and Government Operations Make an Impact on Ransomware


Police and government operations are finally starting to show real results. For example, ransomware groups like 8Base have been taken down, and several cybercrime group members have been caught and sent to the U.S. These wins show that authorities are getting better at holding cybercriminals accountable and breaking up their networks.

In February 2024, Interpol’s Operation Synergia helped find over 1,300 suspicious IP addresses and shut down many servers used in ransomware attacks. Around the same time, major groups like LockBit and Hive were still active—until Operation Cronos led to arrests and major data seizures. A big turning point came earlier with the takedown of the Sodinokibi/REvil group in 2022, thanks to international cooperation. That case showed that even the most dangerous ransomware groups can be stopped.

Later in 2024, Operation Serengeti focused on stopping cybercriminals across Africa, while Operation Endgame—led by Europol—took down key malware tools used to spread ransomware. These efforts show a smarter approach: not just going after the attackers, but also targeting the tools and systems that help them operate.

How Cybersecurity Companies Are Combating Ransomware


Cybersecurity companies are helping too. They create decryption tools that let victims get their files back without paying a ransom. These tools, along with strong security practices, make a big difference in limiting the damage ransomware can do.

Ultimately, defeating ransomware demands a coordinated response across governments, law enforcement, cybersecurity firms, regulators, and individuals. Promoting transparency and improving data sharing are essential to overcoming underreporting. The IC3 report reinforces the urgency of the threat—and with the combined strength of legal frameworks, enforcement actions, and technological solutions, a more resilient defense is within reach.

How Regulations Fight Ransomware


In response to the escalating threat of ransomware, regulatory bodies worldwide are intensifying their focus on cybersecurity, particularly concerning third-party and supply chain risks. The interconnected nature of modern supply chains means that vulnerabilities in a single vendor can have cascading effects on multiple organizations. Recognizing this, frameworks like the National Institute of Standards and Technology's (NIST) Ransomware Risk Management guidelines emphasize the importance of comprehensive risk assessments that encompass not only internal systems but also external partners.

Moreover, financial sector authorities, such as the Financial Industry Regulatory Authority (FINRA), have issued advisories highlighting the necessity for firms to conduct thorough due diligence and continuous monitoring of third-party providers. These guidelines stress that effective third-party risk management is not merely a best practice but a regulatory expectation, aiming to mitigate potential entry points for ransomware attacks through the supply chain.

Despite the growing number of ransomware attacks reported to the UK’s Information Commissioner’s Office (ICO), the number of regulatory investigations has sharply declined. As shown in the chart, while 2023 saw a record-breaking number of ransomware breaches reported, the proportion of incidents actually investigated by the regulator fell to its lowest point in years.

This disparity highlights a critical challenge: regulatory agencies are overwhelmed by the volume of disclosures, leading to inconsistent enforcement and follow-up. The widening gap underscores the need for organizations to proactively monitor and manage ransomware risk—including third-party exposures—rather than relying solely on regulatory response.
