The WannaCry attack is the biggest ransomware attack in the human history–the ransomware paralysed businesses, government entities, and health services, encrypting computer files on infected machines unless the owner paid a $300 ransom. Supposedly, more than 300,000 computers have been knocked offline in an attack.

This needs to be a wake-up call for the entire global community that they now no longer have to look at their parochial national interests alone. The internet is a global heritage and as such the world will now have to come up with global Cyberlaw norms for the purposes of effectively fighting and regulating these kinds of newly emerging global cybercrimes.

Ransomware attacks are international in nature and have to be dealt with a global Cyberlaw approach. However, when one looks at the international Cyberlaw regulations, one finds that there is not a single international global Cyberlaw regime in place.

In the year 2015, during the ITU WSIS Forum 2015 at Geneva, Switzerland, I had already mooted the idea that the world needs to have an International Convention on Cyberlaw and Cybersecurity. This could be a collation of common minimum denominators of the principles concerning Cyberlaw and Cybersecurity that are agreeable to nations as a starting point. The relevance of such a global approach becomes even more topical today.

Given the absence of international Cyberlaw regimes; detecting, investigating and prosecuting these ransomware attacks is going to present huge cyber legal challenges before law enforcement agencies and respective governments. It needs to be noted that while ransomware originated on the horizon a few years ago, countries have been relatively very slow in dealing with it. Some countries have legal frameworks to deal with it while a large number of countries does not have provisions which penalise ransomware as a criminal activity.

In the context of the present ransomware attacks , the job before law enforcement agencies will be primarily in trying to identify the source of the attacks. Given the increased propensity of cyber criminals to use the darknet for the purposes of launching such attacks and given the stated incapability of darknet service providers to provide details pertaining to identity of its users, this investigation, which is the mother of investigations, is likely to see a huge number of road-blocks and potential dead-end challenges.

Collecting relevant incriminating electronic evidence, preservation and continued protection will be an important issue in this regard. Given the fact that the current ransomware attacks have extensively used Bitcoins as the defacto mode of payment for cyber criminal activities means that it is high time that the world looks at regulating the misuse of crypto-currencies. At the international level, there is no unanimity. A majority of countries have not even woken up to the realities in the context of regulating Bitcoins and other crypto-currencies. Increasingly as the world looks to deal with the aftermath of WannaCry, it is crystal clear that these attacks need to provide a global wake-up call for all countries.

Countries also need to develop effective cyber legal framework. Given the transnational nature of cybercrimes, it is imperative that far more effective and efficacious models of cooperation at the international level need to be drawn up. In the present scenario, where cybercrimes have found a very fertile ground in the form of the darknet economy, measures need to be evolved, adopted and effectively implemented so as to regulate these newly emerging crimes.

India is now beginning to see a number of reported victims of these attacks. We present a very fertile environment in terms of not having even declared ransomware as a cybercrime. India does not even have a dedicated law on cyber security and a majority of Indians don’t even adhere to the basic tenets of cyber security. India is very much at the cusp of seeing a lot of potential damage to its data and so we need to come up with a much more holistic national legal strategy on cyber security per se.

The entire foundation of the Digital India rests on the cyber security of its frameworks. Hence, the focus on cyber security becomes even more relevant in this context–the fact remains that India has to do its homework on cyber security.

From the cyber-legal Cyberlaw standpoint, this case represents a new barrier of potential challenges that stakeholders including nation states have to cross. It will be interesting to see how quickly and efficaciously all stakeholders in the digital and mobile ecosystem are able to come up with effective response mechanisms to deal with emerging challenges of cybercrimes and cyber security breaches like ransomware attacks.

The author can be contacted at pavan@pavanduggal.com

[opinion]