The recent ransomware attacks have been hitting global headlines. More than 99 nations have been impacted by the global ransomware attacks which are the biggest one of its kind in the history of human mankind. These ransomware attacks have affected all kinds of countries, both big and small, as also all kinds of stakeholders, governments, corporates and individuals. The ransomware attacks of this magnitude and this ambit has not yet been seen anywhere in the world. 

While different countries are still in the process of calculating their respective losses, the present ransomware attacks have thrown up international Cyberlaw issues and challenges which require countries in the world to apply their minds in the right earnestness.

The thing to note is that ransomware attacks are global in nature and has to be dealt with global Cyberlaw approach. However, when one looks at the international Cyberlaw regime, one finds that there is not a single one international global Cyberlaw regime in place. We already have in place the Convention on Cybercrime of the Council of Europe which is more than decade and a half old.

Issues like the ransomware attacks, like the present one where attacks have been originated from different locations targeted at various countries and their computer resource, need global Cyberlaw approaches.

In the year 2015, during the ITU WSIS Forum 2015 at Geneva, Switzerland, I had already mooted the idea that the world needs to have an International Convention on Cyberlaw and Cybersecurity which could be a collation of common minimum denominators of the principles concerning Cyberlaw and Cybersecurity that are agreeable to nations as a starting point.   I had anticipated that the global landscape would be impacted by global cyber criminal aspirations, designs and programs.

Today when the world is impacted by biggest ransomware attacks, the relevance of having in place international Cyberlaw treaties and norms of behavior, become so relevant and topical.  Further, given the absence of international Cyberlaw regimes, detecting, investigating and prosecuting these ransomware attacks is going to present huge number of cyber legal challenges before the law enforcement agencies and the respective governments. It needs to be noted that while ransomware has originated on the horizon few years back, countries have been relatively very slow in dealing with the issue of ransomware. Some countries have legal frameworks to deal with ransomware, while large number of countries does not have the provisions which penalize the ransomware as cyber criminal activities.

A lot of work needs to be done to deal with the challenges faced presented by increasing cybercrime and ransonware. It will be interesting to see as to how the world in general and India in particular rises to the occasion to deal with the challenges presented by the present ransonware attacks.

In the context of the present ransomware attacks , the humungous job before the law enforcement agencies will be trying to identify the source of the said attacks. Given the increased propensity of the cyber criminals to use the darknet for the purposes of launching such attacks and given the stated incapability of the darknet service providers to provide details pertaining to identity of the users, this investigation, which is the mother of investigations, is likely to see huge number of road-blocks and potential dead-end challenges. 

Given that the law enforcement agencies are able to identify the source of such ransomware attacks, the bigger issue would then be how to investigate and seize the relevant electronic evidence in such a manner that the same can be legal and valid as per the existing legal frameworks.  The bigger question before the law enforcement agencies will be as to how they can try to prosecute cyber criminals who are behind these ransomware attacks.

Collection of relevant incriminating electronic evidence and the preservation and continued protection will be an important issue in this regard. Given the fact that the present ransomware attacks have extensively used Bitcoins as the defacto mode of payment for cyber criminal activities, it is the time that the world need to look at regulating the misuse of crypto-currencies like Bitcoins for cybercrime purposes.  In this area also, at international level, there is no unanimity. Majority of countries have not even woken up to the realities in the context of regulating Bitcoins and other crypto-currencies. Increasingly as the world looks forward to deal with the aftermath of the ransomware attacks, it is crystal clear that these ransomware attacks needs to provide a global warning wake up bells for all nations to come out of their slumber. Nations have to quickly realize that Internet is the global heritage of the entire human mankind and global cybercrimes, like ransomware cannot be used intrinsically impact the utility and value of the Internet as also data and information residing thereon.

Countries also need to take these ransomware attacks as a wakeup call to come up with appropriate national effective cyber legal frameworks which can deal with emerging cybercrimes like ransomware attacks.  Given the transnational nature of cybercrimes like ransomware attacks, it is imperative that far more effective and efficacious models of cooperation at international level need to be drawn up.  In the present scenario, where cybercrimes have found a very fertile ground in the form of the darknet economy, it is imperative that efficacious and effective cyber legal frameworks and approaches need to be evolved, adopted and effectively implemented so as to effectively regulate these newly emerging kinds of cybercrimes like ransomware. The world has huge number of cyber legal challenges.

Further, all stakeholders need to recognize the need for having in place the effective international legal frameworks on cyber security, apart from having national dedicated legislations on cyber security. In this regard, examples set by countries like China and Germany could be seen as models going forward of how countries could identify and structure as also draft their national approaches to deal with cybercrimes.

The present case has presented unforeseen kind of challenges for all stakeholders. From this cyber-legal Cyberlaw standpoint, this case represent a new barrier of potential challenges that stakeholders including nation states have to cross. It will be interesting to see how quickly and efficaciously all stakeholders in the digital and mobile ecosystem are able to come up with effective response mechanisms to deal with emerging challenges of cybercrimes and cyber security breaches like ransomware attacks.

The author Pavan Duggal, Advocate, Supreme Court of India, is Asia’s & India’s leading expert and authority on Cyberlaw, Cyber Security Law & Mobile Law and has been acknowledged as one of the top four cyber-lawyers in the world. He can be contacted at his email addresses  and  More about the Author is available at and