Ransomware: impact on VAT


Ransomware attacks are surging all over the world, becoming one of the biggest threats to our everyday lives. Taking action against them is therefore crucial to spare businesses high costs and to prevent disruption of their economic activities. In the first part of this blogpost we discuss the impact of ransomware attacks on our society, following the latest attack on the American tech firm Kaseya on Friday, while in the second part we analyse the potential of modern cryptography and decentralisation for preventing such attacks, mostly focusing on tax administrations.

What is ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. The malware works either by locking the system’s screen or by locking the users’ files until this “ransom” is paid[1]. Modern ransomware, sometimes categorized as crypto-ransomware, encrypts certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decryption key.

The impact of ransomware attacks: some examples

This is the case of the latest ransomware attack on Miami software supplier Kaseya. The attackers managed to change a Kaseya tool called VSA, which is used by several software providers all over the world[2]. Afterwards, the hackers, who are believed to be part of the Russia-linked REvil ransomware group, encrypted the files of the providers’ clients, managing to hit thousands of businesses in 17 countries. Among the firms affected are two Dutch tech firms and the Swedish retail chain “Coop”, which was forced to shut down its 800 stores in the country[3].

This type of ransomware is categorized as a supply chain attack because, by infecting only one software supplier, Kaseya, it can disrupt thousands of businesses in an indefinite number of countries. Such attacks may cost millions of dollars in damages to economic activities, to which should be added the cost of the ransom required. Estimates of the average cost of a cyber attack range from 360.000 to 3.92 million dollars[4] depending on the country and the number of businesses hit. Concerning the latest ransomware attack on Kaseya, the cost of the damages related to the attack is still unknown. Nevertheless, we already know the amount of the ransom required by REvil to release several decryption keys: 70 million dollars in cryptocurrencies.

Such attacks are becoming more and more common. The REvil ransomware has been the latest and biggest of a long series of hacks which have hit Microsoft, the Colonial Pipeline and SolarWinds, but also health service providers in Ireland and France. Apart from the high costs for businesses, it is now clear that ransomware attacks also have a deep impact on our modern society as a whole, targeting our most sensitive infrastructure. The rise of digitalisation which will come in the near future, mostly thanks to the large amount of public investment, may increase the necessity for high-standard cyber protection of businesses and public services across the globe.

Ransomware and real-time reporting

Tax administrations also need to take action against cyber and ransomware attacks. Real-time reporting is an important tool to reduce the VAT gap and increase compliance. More and more countries are adopting this system with astonishing results. Nevertheless, we should not underestimate the threat of a cyber attack targeting our tax administrations. Hundreds of millions of invoices are shared every day between economic entities in the world, and an increasing share of them already goes through a real-time reporting system. Such systems mostly store data in plain text, while sensitive information is available to the officers of the tax authorities for auditing reasons. In case of a data breach, such information can fall into the hands of hackers ready to disclose pricing information if a ransom is not paid. This new type of ransomware may affect both the national economy, by publicly disclosing the different economic strategies of businesses, and the tax administrations themselves, which are responsible for the security of their system.

Which measures can tax authorities take to defend themselves against ransomware?

The best way to prevent a ransomware attack is to apply best practices to the security of the software in use. For example, software should be kept up to date and be regularly audited by an external party to guarantee the highest level of security. Security can also be enhanced by making use of open source software. Although this is not a panacea (as we explain here), open source software can be constantly monitored by a large pool of developers to find bugs, an effect also called “many eyes”.

Another approach that can be taken to prevent ransomware attacks from happening is to ensure as little data is collected as possible and to store it in a distributed manner (we provide some further information on the different forms of decentralisation here). As a result, there will not be one single point of failure on which ransomware attackers could focus their attack. Even if one of the data storage locations is infected, the data can still be accessed by other (authorised) users of the network. This results in a significantly higher protection against ransomware attacks.
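The two ideas in the paragraph above can be sketched together. This is an added example, not code from the original post and not a description of summitto's system: it assumes the authority stores only a keyed hash of each invoice (the salt stays with the taxpayer) and replicates it across several nodes, reading by majority. All names (`Node`, `report`, `read`, `audit`) and the sample invoice are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

def commitment(invoice, salt):
    # Keyed hash of the invoice. The salt stays with the taxpayer, so the
    # stored value cannot be tested against guessed prices or counterparties.
    return hmac.new(salt, invoice, hashlib.sha256).hexdigest()

class Node:
    """One storage location; holds commitments only, never invoice text."""
    def __init__(self, name):
        self.name = name
        self.store = {}

def report(nodes, invoice_id, invoice, salt):
    # Real-time report: replicate the commitment to every node.
    c = commitment(invoice, salt)
    for node in nodes:
        node.store[invoice_id] = c
    return c

def read(nodes, invoice_id):
    # Accept only a value held by a strict majority of replicas, so a
    # minority of unreadable or tampered nodes cannot block or alter it.
    votes = Counter(node.store.get(invoice_id) for node in nodes)
    value, count = votes.most_common(1)[0]
    if value is None or count <= len(nodes) // 2:
        raise LookupError("no majority of replicas agrees on " + invoice_id)
    return value

def simulate_encrypted_node(node):
    # Stand-in for a node whose storage was encrypted: its records are
    # replaced by unreadable random data.
    for key in node.store:
        node.store[key] = os.urandom(32).hex()

def audit(nodes, invoice_id, invoice, salt):
    # During an audit the taxpayer discloses invoice and salt; the officer
    # recomputes the commitment and compares it with the replicated value.
    return hmac.compare_digest(read(nodes, invoice_id), commitment(invoice, salt))

if __name__ == "__main__":
    nodes = [Node("a"), Node("b"), Node("c")]
    salt = os.urandom(16)
    invoice = b"INV-001;seller=X;buyer=Y;net=100.00;vat=21.00"  # constructed sample
    report(nodes, "INV-001", invoice, salt)
    simulate_encrypted_node(nodes[0])
    print("audit after one node is lost:", audit(nodes, "INV-001", invoice, salt))
```

A node that leaks in this model exposes only commitments, and a node that is encrypted is outvoted by the healthy replicas; if a majority is lost, `read` fails rather than returning an unverified value.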


In this blog post we showed the enormous impact ransomware attacks are currently having on businesses, governments and society as a whole. They damage the economy and unfortunately seem to become more common by the day. Such ransomware attacks can also impact tax authorities in case a real-time reporting system is implemented. If such a system is not well enough protected, a ransomware attack could potentially prevent companies from filing their VAT return and, worse, in case of a clearance system, disrupt all economic activity in a country. Therefore, tax authorities should apply the highest security standards, make use of open source software and leverage cryptography. The latter can be especially helpful to tax authorities as it ensures as little data is collected as possible and it reduces the chance of being the victim of a ransomware attack.

In case you want to learn more about exactly how summitto’s real-time reporting system works and how it benefits both the public and private sector, click here. For questions, shoot us a message at info@summitto.com

[1] Trend Micro, what is ransomware? https://www.trendmicro.com/vinfo/us/security/definition/ransomware

[2] Satter, Raphael: ransomware breach at Florida IT firm hits 200 businesses, Reuters https://www.reuters.com/technology/200-businesses-hit-by-ransomware-following-incident-us-it-firm-huntress-labs-2021-07-02/

[3] Bitcoin Blog: Bisher größte Ransomware-Welle legt 800 Supermärkte in Schweden lahm. https://bitcoinblog.de/2021/07/05/bisher-groesste-ransomware-welle-legt-800-supermaerkte-in-schweden-lahm/

[4] IBM study on the cost of cyber attacks https://newsroom.ibm.com/2019-07-23-IBM-Study-Shows-Data-Breach-Costs-on-the-Rise-Financial-Impact-Felt-for-Years