Beyond Emotet, cybercriminal groups Netwalker and Egregor have also seen some of their operators and affiliates be arrested in the past few months. The shockwave from these arrests was immediate and led platforms Ziggy and Fonix (see the first article in this series) to announce they would stop their operations as a result.
It is also worth mentioning the "name and shame" policy that has existed now for several years in the United States - which consists in revealing cybercriminals’ identity. Although this policy’s impact in terms of communication is obvious, its operational efficiency is limited. The United States recognizes this and admits that this measure should only be a last resort when it has become certain that the cybercriminals will not be caught.
Despite these successes, the cybercriminal ecosystem is resilient and continues to grow
If the recent dismantlements and shutdowns represent a shift in the evolution of cybercriminals’ activities, the effort must last and intensify. Operators of Ransomware-as-a-Service platforms are for the most part still active and numerous competitors are hoping to carve themselves a share of this particularly lucrative market.
International cooperation is unsurprisingly fundamental in order to arrest the criminals. However, it remains slow to put in place while cybercriminals collaborate on a daily basis to hone their methods and tools and better evade authorities. To answer these challenges, we agree with the World Economic Forum that suggests the creation of a global partnership with entities responsible for stimulating collaboration and task forces dedicated to specific topics.
Following the same logic, the pace of judicial procedures remains overall too slow compared with the extremely dynamic environment of cyber-criminality. The drafting and application of laws to limit cyberattacks are time-consuming affairs. The judicial solution is also limited by territoriality: it can be hard to obtain the authorizations required to intervene on another country’s territory. This is why criminal groups tend to emerge in countries that are known to turn a blind eye to their practices (under the condition that cybercriminals don’t target them).
Some suggestions to improve the punishment of cybercriminals
The sovereign functions of the state (justice, security, diplomacy) are on the front line. However, justice is insufficiently targeted by the French government’s plan to fight cybercrime - announced in great part in reaction to the wave of attacks involving the health sector. The judiciary struggles to tackle cybercrime for several reasons: excessive caseload, a lack of qualified personnel, a criminal code not designed to fighting cybercrime, legislative difficulties linked to the acquiring and validity of digital proofs, fragmentation, a lack of resources to follow virtual currencies flows…