Ransomware, a type of malicious software that threatens to publish a victim’s data unless a ransom is paid, represents a major threat to global cyber security, according to Europol.
The law enforcement agency’s Internet Organised Crime Threat Assessment (IOCTA), a report that identifies emerging trends in cybercrime, also placed payment fraud and child sexual exploitation among the primary threats facing people online.
“The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level,” Europol’s Executive Director Rob Wainwright said in a statement.
The WannaCry attack in May this year was said to have affected up to 300,000 people in more than 150 countries, impacting high-profile companies and institutions such as UK’s National Health Service (NHS) and Spanish telecommunications firm Telefonica.
The ransomware was facilitated by an exploit allegedly leaked by the NSA and acquired by a group of hackers known as ShadowBrokers.
The following month, Petya ransomware affected more than 20,000 people around the world.
While the IOCTA dubbed WannaCry a “negligible financial success” after less than one percent of victims paid the ransom, it noted that “the anxiety generated was socially significant.”
“This report shows online crime is the new frontier of law enforcement. We’ve all seen the impact of events like WannaCry: whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay,” said EU Commissioner for the security union Julian King.
Germany, the UK, France, Italy and Sweden made up the top five EU member states to click on malicious URLs, according to the report, while France, the UK, Germany, Netherlands and Portugal hosted more than 80 percent of all the URLs.
Child sexual coercion and extortion of minors was also highlighted in the report, with the darknet mentioned as one of the main platforms for the distribution of child pornography.
“The largest and most prolific offenders and communities identified by law enforcement had a significant presence on the darknet,” the IOCTA states before pointing to the takedown of AlphaBay and Hansa, two of the largest darknet markets, in a joint operation with the FBI, DEA and Dutch National Police last year.
Meanwhile, payment fraud, including attacks on bank networks to manipulate card balances and take control of ATMs, has also been highlighted as one of the most serious emerging threats in this area.
The lack of an EU-wide law criminalizing possession of stolen cards is seen as an obstacle to fully combating this type of fraud.