The European Union’s efforts to tackle the phenomenon of ransomware attacks (Part II) – Lexology

As the transition to a digital society is accelerating in recent years, especially after the coronavirus outbreak, the expectations of the European Citizens for a safer digital environment are growing. There is then an urgent need to combat cybercrime. In a previous article published on Lexology on this topic we had started to discuss of the ransomware attacks. We had thus described the relevant phenomenon and we had pointed out the legislative and policy frameworks in place in the European Union for facing this issue. In this second contribution, reference will now be made (always in an EU perspective) to the main actors in charge of dealing with the ransomware attacks (Chapter 2); we will then look at the strengths and weaknesses of the current system of EU defence from this invasive form of cyber-criminality (Chapter 3); finally, we will try to make some recommendations for improving the security of the Citizens within the European Union in such area (Chapter 4).

As already highlighted in our previous contribution[1] the first step towards the creation and development of an EU cybersecurity ecosystem was the adoption of a cybersecurity strategy in 2013[2]. This strategy identified the achievement of cyber-resilience and the development of industrial and technological resources for cybersecurity as its key objectives. As part of this strategy, the European Commission proposed the EU Network and Information Security directive2016/1148 (NIS Directive)[3].

We will now look at who are the main actors in charge of implementing the NIS Directive as well as the other initiatives advanced by the European Union to tackle the ransomware attacks.

In the first place, it shall be reminded that the NIS Directive has provided only that the EU countries shall put in place legal measures to boost the overall level of cybersecurity in Europe. This in essence with the intent of protecting the European critical infrastructure[4].

On the other hand, the NIS Directive has left basically to the free initiative of the Members States the regulation of aspects such as the sanctions to be imposed to the offenders in case of ransomware attacks. In addition, the NIS Directive did not impose on the EU Countries any obligation to share the information systematically with one another in case of cross-border ransomware attacks.

The above means that nowadays the single States of the European Union are the most important actors in the fight of the ransomware attacks. They indeed decide singularly on crucial aspects such as: (i) how the ransomware attacks shall be punished within their single jurisdiction; (ii) whether there must be any cooperation with the other Member States in case of ransomware attacks involving more countries.

It is then worthy to mention another important player which comes into consideration in the field of the cybersecurity in Europe, i.e. the European Union Agency for Cybersecurity (ENISA). ENISA contributes to the EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow [5].

ENISA was not entrusted with specific competences in the tackle of the ransomware episodes in the NIS Directive, but it is playing an important role de facto moving down the following directions:

Finally, it must be stressed that on 23 June 2021 the European Commission laid out a vision to build a newJoint Cyber Unit[8]. The Joint Cyber Unit will be a new body (with its own resources and offices) intended to provide full support to ENISA in ensuring an EU coordinated response to large-scale cyber incidents and crises such as the ransomware attacks. This new initiative is an important step which will allow ENISA (together with the Joint Cyber Unit) to further achieve a higher common level of cybersecurity within the European Union[9].

Finally, it is worth to be mentioned also the role played by the Council in tackling the cyber-crimes (and thus the ransomware attacks).

In this regard, in our previous contribution on this topic[10] we had reminded that the EU tried to reinforce its global response to the cyber-attacks (including ransomware) by establishing a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the so called Cyber Diplomacy Toolbox)[11]. This framework basically allows the EU and its Member States (by way of an initiative to be taken by the Council) to use all necessary measures ... to prevent, discourage, deter and respond to malicious cyber activities [and thus also to the ransomware attacks] targeting the integrity and security of the EU and its member states .... In particular, the Cyber Diplomacy Toolbox gives the possibility to the Council to impose ... sanctions on persons or entities that areresponsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or materialsupportfor such attacks or who areinvolvedin other ways ... [12].

It is noticeable that, based on the Cyber Diplomacy Toolbox, the Council has been able to imposerestrictive measures againstcertain individualsand entitiesresponsible for or involved in theransomware-attacks publicly known asWannaCry andOperation Cloud Hoppe[13]. The sanctions imposed to the entities involved included severe measures such as thetravelban and theassets freeze.

Of course, it must not be forgotten that it is not particularly simple for the Council to take collective actions (such as the ones indicated above) based on the Cyber Diplomacy Toolbox. And indeed, the European Unions decision-making process to be activated in these cases is the same one to be applied for the foreign policy matters, requiring thus the unanimous decision of all EU governments. This is certainly a very high threshold not easy to be reached[14]. It follows that it is rather complicated for the Council to issue sanctions based on the Cyber Diplomacy Toolbox.

Being understood all the above, we will now try to summarize the main strengths and weaknesses of the European Union framework put in place for fighting the phenomenon discussed.

In the first place, it must be noted that the implementation of the NIS Directive and of the Cyber Diplomacy Toolbox has been very important at least in raising awareness in the European States regarding the cyber-criminal activities such as the ransomware attacks.

The NIS Directive has indeed given an incentive to the Member States to increase their cybersecurity capabilities for protecting themselves from these forms of criminality.

The Cyber Diplomacy Toolbox has, in turn, granted the possibility to sanction directly certain entities and individuals which have committed, inter alia, ransomware crimes.

On the other hand, both the legal frameworks mentioned above have their downsides.

The NIS Directive resulted in fragmentation at different levels across the internal market (given that for example such directive did not provide for a system of harmonized sanctions to be applied in the European Countries). In addition, the ENISA has not been given enough powers to help the EU Member States to tackle issues such as the ransomware attacks.

Further, the Cyber Diplomacy Toolbox requires a too burdensome process for dealing with the cyber-crimes. Indeed, as we have seen above, the Council can focus just on the major events and, in any case, the unanimity of the EU Countries is required to take actions against offenders committing for example ransomware attacks.

As it may be appreciated the phenomenon of the ransomware attacks is quite a complicated one. In the EU the battle is open and efforts are indeed spent by the different stakeholders involved to combat this issue effectively.

On the other hand, there is certainly room for improvement.

Based on the above findings (and on what has been discussed in the other article published on Lexology on this topic[15]), we will then try to suggest some recommendations aimed at tackling the ransomware phenomenon in a more efficient way within the European Union. In this regard it is noted the following:

Finally, apart from the above actions and recommendations (which are indeed directed at bolstering the fight of the specific kind of cybercrime at subject matter) one final consideration is worthy to be made.

It shall indeed not to be forgotten that issues such as the ransomware attacks in many cases can be avoided at the very beginning explaining to the users how to avoid them.

It is thus of the utmost importance that are continued to be promoted specific initiatives and dialogues with the EU Citizens regarding the common ransomware attack scenarios with the effect of aiming to raise awareness and share good practices and practical recommendations [18]. This with the final goal to eliminate the issue even before the crime is perpetrated counting on the fact that the EU Citizens (if properly trained) should be able not to fall into the traps posed on their way by the cybercriminals.

Read the original:
The European Union's efforts to tackle the phenomenon of ransomware attacks (Part II) - Lexology

The European Union just issued a dire warning to its 450 million citizens: Stockpile supplies and prepare for disaster - Fortune - March 26th, 2025 [March 26th, 2025]
The European Union is preparing for war and is calling for emergency reserves in every home - CiberCuba - March 26th, 2025 [March 26th, 2025]
The European Union rejected Russias demand for a ceasefire in exchange for lifting sanctions - - March 26th, 2025 [March 26th, 2025]
Exclusive | European Union to slap Meta with fine up to $1B or more for breaching strict antitrust rules: sources - New York Post - March 26th, 2025 [March 26th, 2025]
Peter Rough sat down with Kaja Kallas, European Union high representative for foreign affairs and security policy and European Commission vice... - March 26th, 2025 [March 26th, 2025]
Court of Justice of the European Union: Member states representatives appoint thirteen judges to the General Court - consilium.europa.eu - March 26th, 2025 [March 26th, 2025]
When the European Union wants to get back to basics - Marketscreener.com - March 26th, 2025 [March 26th, 2025]
The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Goshen News - March 26th, 2025 [March 26th, 2025]
The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Oil City Derrick - March 26th, 2025 [March 26th, 2025]
European Union's Transmission Shafts and Cranks Market Expected to Slightly Increase with a CAGR of +0.3% over the Next Decade - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
New European Union Plan To Boost Local Arms Production Would Freeze U.S. Out Of Billions - The War Zone - March 26th, 2025 [March 26th, 2025]
European Union's Roasted Coffee Market to See Continued Growth with +0.6% CAGR by 2035 - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
EU Penalizes RPM And Other Vertical Conduct Violations - Cartels, Monopolies - European Union - Mondaq News Alerts - March 26th, 2025 [March 26th, 2025]
European Union's Toilet Paper Market to Reach $27.1B by 2035 with +0.5% CAGR - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
European Union Delays Retaliatory Tariffs On U.S. ProductsIncluding Whiskey - Forbes - March 20th, 2025 [March 20th, 2025]
ICC President visits Brussels, urges European Union to take immediate action to protect the Court - the International Criminal Court - March 20th, 2025 [March 20th, 2025]
The European Sting is Your democratic, independent and top quality political newspaper specialized in European Union News. Unique Features: iSting... - March 20th, 2025 [March 20th, 2025]
The Prime Minister of Slovakia supported Ukraine's integration into the European Union - Eurasia Daily - March 20th, 2025 [March 20th, 2025]
Trump reacts to European Union slapping tariffs on U.S. goods - CBS News - March 13th, 2025 [March 13th, 2025]
Rxulti approved in the European Union for adolescent schizophrenia - PharmaTimes - March 13th, 2025 [March 13th, 2025]
European Union Responds With Tariffs on Soybeans, Other Ag Exports - DTN The Progressive Farmer - March 13th, 2025 [March 13th, 2025]
European Union retaliates with tariffs on $28 billion U.S. products - RFD-TV - March 13th, 2025 [March 13th, 2025]
Donald Trump threatens European Union with 200% tariffs on specific goods if they dont remove nasty tax - UNILAD - March 13th, 2025 [March 13th, 2025]
Canada and the European Union announce retaliatory tariffs against the United States - KREM.com - March 13th, 2025 [March 13th, 2025]
Commission decides to refer SPAIN to the Court of Justice of the European Union due to discriminatory tax treatment of non-resident taxpayers - The... - March 13th, 2025 [March 13th, 2025]
European Union hits back with counter tariffs on US goods - USA TODAY - March 13th, 2025 [March 13th, 2025]
Trade Wars: European Union Retaliates Against U.S. Tariffs on Steel and Aluminum - TipRanks - March 13th, 2025 [March 13th, 2025]
Commission hosts event to gather input and expertise on upcoming European Water Resilience Strategy - European Union - March 7th, 2025 [March 7th, 2025]
UNESCO and the European Union Promote Training in Creative Tourism in the Caribbean - UNESCO - March 7th, 2025 [March 7th, 2025]
The Interests of the European Union and the United States Are Diverging - Modern Diplomacy - March 7th, 2025 [March 7th, 2025]
Tunisia: Call for the European Union to send international observers to the so-called "conspiracy" trial - FIDH - March 7th, 2025 [March 7th, 2025]
European Union Blasts Trump Tariff Threats as Starmer Visits White House - Newsweek - February 27th, 2025 [February 27th, 2025]
Trump vows to slap 25% tariffs on the European Union - FRANCE 24 English - February 27th, 2025 [February 27th, 2025]
Trump vows to impose 25% tariffs on imports from the European Union - The Associated Press - February 27th, 2025 [February 27th, 2025]
Trump says tariff level will be 25% on European Union products - Le Monde - February 27th, 2025 [February 27th, 2025]
EU reaffirms unwavering support to Ukraine on anniversary of invasion - European Union - February 27th, 2025 [February 27th, 2025]
The European Union is financing a project to strengthen social protection for women in ten local communities in Bosnia and Herzegovina - EEAS - February 27th, 2025 [February 27th, 2025]
Trump's reciprocal tariffs would hit these European Union products that Americans buy the hardest - CNBC - February 14th, 2025 [February 14th, 2025]
European Union Says It Will Respond "Firmly, Immediately" To Trump's Tariffs - NDTV - February 14th, 2025 [February 14th, 2025]
How the European Union could counter US tariffs - ING Think - February 14th, 2025 [February 14th, 2025]
(Nemolizumab) Approved in the European Union for Moderate-to-Severe Atopic Dermatitis and Prurigo Nodularis - Business Wire - February 14th, 2025 [February 14th, 2025]
European Union could ban the number 1 Catholic app in the world: Hallow - ZENIT - English - February 14th, 2025 [February 14th, 2025]
Political contagion in Europe: can the European Union survive Trumpism? - Bruegel - January 19th, 2025 [January 19th, 2025]
Bolstering the cybersecurity of the healthcare sector - European Union - January 19th, 2025 [January 19th, 2025]
Medidatas Patient Experience Recognized as Sustainability Solution by the European Union, Paving the Way for Greener Clinical Trials - Dassault... - January 19th, 2025 [January 19th, 2025]
European Union Special Representative for the Great Lakes Region, Johan Borgstam, makes first official visit to Tanzania - EEAS - January 19th, 2025 [January 19th, 2025]
Indicating the way forward for sustainable European aviation - European Union - January 19th, 2025 [January 19th, 2025]
UNHCR and the European Union join forces to provide lasting solutions for Afghan refugees and returnees - EEAS - January 19th, 2025 [January 19th, 2025]
Irregular migration into the European Union fell sharply last year, border agency says - The Associated Press - January 19th, 2025 [January 19th, 2025]
Poland Assumes the Presidency of the Council of the European Union - Kyiv Post - January 6th, 2025 [January 6th, 2025]
Far From Ignorant: The European Union, Arms Exports and Israel - CounterPunch - January 3rd, 2025 [January 3rd, 2025]
Major changes in the European Union - summary of 2024: everything you need to know in 2025 - Visit Ukraine - January 3rd, 2025 [January 3rd, 2025]
Hungary's controversial presidency of the Council of the European Union comes to an end - Euronews - January 1st, 2025 [January 1st, 2025]
30 years together: Austria, Finland and Sweden in the EU - European Union - January 1st, 2025 [January 1st, 2025]
AI and Employee Data Protection in the European Union: 8 Key Takeaways for Multinational Businesses - JD Supra - January 1st, 2025 [January 1st, 2025]
Pro-European Union Protests in Georgia Continue into New Years Eve - AL24 News - January 1st, 2025 [January 1st, 2025]
2025, between the reformist drive and the structural challenges of the European Union - The Diplomat in Spain - January 1st, 2025 [January 1st, 2025]
Statement on behalf of the European Union and its Member States by H.E. Ambassador Stavros Lambrinidis, Delegation of the European Union to the United... - December 30th, 2024 [December 30th, 2024]
European Union to resume Association Council meetings with Israel - The Times of Israel - December 18th, 2024 [December 18th, 2024]
Its time for the European Union to rethink personal social networking - Bruegel - December 18th, 2024 [December 18th, 2024]
Mistral 3 project to receive 60 million from European Union - MBDA - December 18th, 2024 [December 18th, 2024]
The European Union and Palestinian Authority convene Investment Platform and announce EUR 28.3 million of investments for the Palestine Financial... - December 18th, 2024 [December 18th, 2024]
The EVERY Company Further Expands its IP Estate with European Union Patent for Recombinant Ovalbumin - Business Wire - December 18th, 2024 [December 18th, 2024]
European Union sanctions 26 individuals and two entities in Belarus - euneighbourseast.eu - December 18th, 2024 [December 18th, 2024]
European Union: What do CG&R companies need to know about the European Accessibility Act? - GlobalComplianceNews - December 18th, 2024 [December 18th, 2024]
New EU norms to reduce environmental impact of smitheries and foundries - European Union - December 14th, 2024 [December 14th, 2024]
Syria: Statement by the High Representative on behalf of the European Union on the fall of the Assad regime - consilium.europa.eu - December 10th, 2024 [December 10th, 2024]
European Union and the Gates Foundation to co-host Gavi 6.0 High Level Pledging Summit - Bill & Melinda Gates Foundation - December 10th, 2024 [December 10th, 2024]
European Union orders TikTok to preserve data related to Romanian election - The Associated Press - December 10th, 2024 [December 10th, 2024]
European Union - United Republic of Tanzania: Joint Communique of the 2024 Partnership Dialogue - EEAS - December 10th, 2024 [December 10th, 2024]
Human Rights Day: Statement by the High Representative on behalf of the European Union - consilium.europa.eu - December 10th, 2024 [December 10th, 2024]
We are waiting to return home - helping refugees in Sudan - European Union - December 10th, 2024 [December 10th, 2024]
Revised Regulation on Classification, Labelling and Packaging of Chemicals enters into force - European Union - December 10th, 2024 [December 10th, 2024]
CCS legal framework for the development of carbon capture and storage technologies in Poland and the European Union - Dentons - December 10th, 2024 [December 10th, 2024]
Mercosur and the European Union sign trade agreement - Fresh Fruit Portal - December 10th, 2024 [December 10th, 2024]
European Union To Spend Over $4 Million And 3 Years To Create Report On European Animation Industry - Cartoon Brew - December 4th, 2024 [December 4th, 2024]
Speech by President von der Leyen at the European Parliament Plenary on the new College of Commissioners and its programme - European Union - December 4th, 2024 [December 4th, 2024]
ASSEMBLY | EU bishops reflect on Europes future and challenges of the new institutional cycle - The Catholic Church in the European Union - December 4th, 2024 [December 4th, 2024]
Georgia suspends talks on joining the European Union and accuses the bloc of blackmail - The Associated Press - November 30th, 2024 [November 30th, 2024]
An update on political advertising in the European Union - The Keyword - November 30th, 2024 [November 30th, 2024]

July 29th, 2022

No comments yet

Comments are closed.

Mediaboss Marketing

The European Union’s efforts to tackle the phenomenon of ransomware attacks (Part II) – Lexology

About

Pages

Categories

Media Sites

Recommended Sites

Archives