Cyberterrorism in Europe Has a Clear Target, but the Motives are a Mystery

Tehrani’s description of terrorism is defined using Black Law’s dictionary and cites “the use or threat of violence to intimidate or cause panic, especially as a means of affecting political conduct”. Tehrani argues that while an all-describing definition for terrorism has proven difficult to agree on, one common aspect of terrorism is apparent. This includes that acts of terrorism are conducted to cause fear and coerce the ‘enemy’ for the pursuit of a political, ideological, or religious goal.

Recent ransomware attacks in Europe

The application of this type of terrorism to the cyberspace has become a predominant topic of concern in the twenty-first century. The European tendency to digitize infrastructure with the benefit of it being more efficient and accessible has made it equally susceptible to ransomware attacks.

The WannaCry ransomware attack on the UK’s National Health Service in 2017 and the 2021 attack on Ireland’s Health Service Executive are examples of terrorism targeting vital institutions. Additionally, Finland witnessed a ransomware attack on a private company named Vastaamo. The company runs 25 therapy centers in Finland. The transcripts of these therapy sessions had been hacked. Consequently, clients were reportedly threatened to pay $200 dollars in bitcoin to deter their therapy sessions from being leaked. The director of Finland’s National Bureau of Investigation, Robin Lardot, estimates the number of victims to be in the tens of thousands.

Upon an internal inquiry, it was believed that the actual theft may have happened two years prior, in 2018. Despite the victims’ best efforts to adhere to advice set out by ministers and not engage with the threats, confidential notes of therapy sessions for 2000 patients had been discovered on the dark web.

Implications

The WannaCry, Vastaamo, and Health Service Executive attacks depict a grim reality of the most confidential aspects of people’s lives being leaked to the public. The implications are widespread and infringe upon multiple aspects of both personal lives and the functioning of society. The healthcare service attacks resulted in limited access to health services, often involving postponed treatment or even cancellation thereof. England’s NHS saw the cancellation of 19,000 appointments following the WannaCry hacks and cost the health service 92 million pounds. An added reason for concern is in the case hackers have access to the live documents of patients, information on the patients could be altered to result in large-scale misdiagnosis of patients.

In the case of the Irish ransomware attack, a statement made by the HSE declared that a small amount of data had landed on the dark web, much like Vastaamo hack. The curious turn of events happened when the hackers who committed the ransomware attack against HSE Ireland provided the software tool to reverse the hack. Despite this, it took a lot of work to rebuild the system. This clearly depicted how irreversible and deeply damaging a ransomware attack is, especially when data had already been leaked to the public via the internet. Here, nothing can be completely deleted. The truly harmful nature becomes especially noticeable when considering that the attack happened on May 14^th, and July’s HSE statement included the warning that it was still being dealt with. This hits especially hard given the COVID-19 pandemic that not only involves more demand for the healthcare system but has also pushed back many vital treatments for those awaiting diagnosis/treatments for other illnesses even further than they already were.

How are ransomware attacks cyberterrorism?

Since ransomware attacks are committed anonymously, it’s impossible for spectators to know with certainty what the motive behind the attacks is, making it all the more difficult to label it as an act of terrorism. That being said, the commonalities in recent ransomware attacks seem quite clear. In Europe especially, health care services and companies are being hacked, and the patients are threatened.

The ransomware attacks definitely share the characteristic of terrorism which proscribes the use of violence to instill fear and coercion against ‘the enemy.’ This furthermore involves the targeting of innocent civilians. The withholding of a health service, especially during a pandemic, might be considered an act of indirect, albeit harmful, violence. What remains unclear, is the perpetrator’s motives, whether they were ideologically or financially motivated. The targeting of civilians, which included demanding ransom from minors, as well as the intentional destabilization of an infrastructure a country and civilians depend on, may be a message in itself which could constitute a new type of terrorism – requiring a new or separate definition. In this case, it may not be the motive, but the target that sets the tone for terrorism.

Conclusion

Moving forward, an increase in cyberterrorism is to be expected. This will become especially pronounced as more companies and institutions make plans to work remotely even post-pandemic lockdowns. For this reason, it is crucial for governments to clearly define cybercrime and cyberterrorism that can be utilized in prosecution.

Additionally, European governments should work towards protecting vulnerable adults and minors who are at risk of becoming victims of cyberterrorism. It must remain a high priority to get students vaccinated and back into educational facilities with safety measures implemented on site. If not possible, institutions are urged to use effective encryption for any data that is handled online.

The Vastaamo attack may have been preventable if the data had been encrypted properly. The continuation of online learning could open doors for cyber-terrorists to gain access to a wide range of new material for ransom threats.