INTERPOL. PHOTO: Cybercrime Magazine.

INTERPOL: Ransomware Is A Massive Problem

International remit has proven crucial in chasing global cybercriminals

David Braue

Melbourne, Australia – Dec. 17, 2021

It may have been helping police investigate cross-border crimes since 1923, but the explosion of cybercrime has pushed the International Criminal Police Organization (INTERPOL) to transform rapidly as it fights increasingly international ransomware and other online crimes.

That transformation has been essential in a world where cybercriminals can launch crippling cyberattacks against targets on the other side of the world in seconds. In response, Interpol’s global mandate has turned it into the catalyst for global collaboration — helping authorities reach outside of their jurisdictions to wherever cybercriminals operate.

“Cybercrime just goes across every border, every boundary,” INTERPOL director of cybercrime Craig Jones told Cybercrime Magazine, “and execution of a program can impact millions of people across the world, so we need some global solutions to this effectively.”

As authorities around the world grapple with the international nature of today’s threat, Jones’s cybercrime team — one of INTERPOL’s three core operational areas, along with terrorism and organized crime — has facilitated collaboration amongst local authorities across the agency’s 194 member countries.

Cybercrime Radio: How to make the world a safer place

Craig James, Director of Cybercrime at INTERPOL

Its enforcement and takedown efforts have claimed many scalps, such as the November takedown of GandCrab and Revil-Sodinokibi ransomware gangs and a 22-country operation that led to the arrest of 1,003 individuals and the interception of almost $27 million in cyber-enabled financial crime.

“We’re very good at working in that physical sense by patrolling the streets and arresting the criminals in our communities,” Jones explained. “But we’ve now moved into the online space and what we’re trying to do with police is [figure out] how we act as law enforcement within that online digital space … where we’re actually able to reduce that harm?”

INTERPOL’s global law-enforcement model, which is based around seven regional bureaus and National Central Bureaus in each member country, emerged after World War I to support rapid investigation and information sharing across jurisdictional borders.

After a century supporting traditional police work, the heavily interconnected organization’s global network has been extended to link countries’ national cybercrime centers, supporting multinational efforts to trace cybercriminal gangs wherever they are hiding.

INTERPOL’s charter of neutrality prevents it from pursuing politically-related issues — which prevents it from getting involved in alleged nation-state attacks — but virtually every other type of cybercrime falls under its auspices.

Global threat intelligence

INTERPOL’s extensive global structure has translated into some unique capabilities as the organization refines its investigation support capabilities.

A pair of collaborative cybercrime platforms, for example, are available to member countries — with the Cybercrime Knowledge Exchange (CKE), for one, facilitating the exchange of non-operational cybercrime information while the Cybercrime Collaborative Platform (CCP) enables sharing of sensitive investigation-related information within secure workspaces.

Interpol works closely with cybersecurity industry partners — Cisco, Palo Alto Networks, Trend Micro, Kaspersky and others — to gather and share information to fill out the global picture of what cybercrime is happening where.

One ongoing project is exploring the aggregation and standardization of data from cybercrime victims, enabling common data interchange.

“We join those dots together from a national basis and aggregate that data globally,” Jones explained, “so we have a global overview of those data sets. Sharing that data into law enforcement helps us identify those threats and build out operations against those threats.”

The explosion in ransomware and other cybercrime during the COVID-19 pandemic has put the pedal to the metal for INTERPOL, which Jones said has been “putting as much information as we can on some of the information that comes from the projects that we run.”

“We take the best information that we have and put it on our site,” Jones said, “because we want that information to be available to law enforcement, and to the public.”

Much of that information relates to key prevention measures as part of good cybersecurity hygiene — typically, Jones said, by adopting good precautionary measures, like strong passwords and two-factor authentication, just as physical security comes from locking doors and windows or installing burglar alarms.

Jones believes the support of INTERPOL will continue to provide essential support as law-enforcement agencies fight ransomware in its many forms.

“Ransomware is massive at the moment,” he explained, “but actually it’s such a big global problem. Those are the sorts of things we look at, and we see where we can add value by bringing together the best practices that we see, and making that advice available to the public as well.”

– David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.