Last year there was some optimism. It seemed the tide was turning on ransomware after the US government scored a handful of victories against cybercriminals pulling off these increasingly damaging attacks: The Justice Department successfully seized $2.3 million worth of bitcoins that Colonial Pipeline paid the DarkSide ransomware gang to get their data back. , and months later played a role in the downfall of the notorious REvil ransomware gang.
This optimism was short-lived. Despite this action, it appears that 2022 will overtake last year as the worst year on record for ransomware attacks; a recent report shows that attacks have increased by 80% year-over-year and that cybercriminals responsible for these attacks have easily evaded law enforcement actions by leveraging ransomware-as-a-service or simply by rebranding.
"It's clear that ransomware attacks are on the rise," says Matthew Prince, CEO of Cloudflare. "In September 2022, nearly one in four respondents in our customer survey reported receiving a ransomware attack or threat, the highest month yet of 2022."
The worst year of ransomware attacks
2022 has not only been the worst year for ransomware attacks statistically, but also the worst overall. While hackers focused last year on critical infrastructure and financial services, this year's focus has been on the organizations where they can inflict the most damage.
In an attack on the Los Angeles Unified School District, hackers from the Vice Society leaked a trove of 500 gigabytes of sensitive data, including prior conviction reports and student psychological evaluations, while an attack on IT service provider Advanced left the UK NHS struggling after it was forced to cancel appointments, and staff relying on taking notes with pencil and paper.
Perhaps the most devastating attack of 2022 came just weeks ago after attackers breached Australian health insurance giant Medibank and accessed approximately 9,7 million customer personal data and health claims data for nearly half a million. Of customers. The data stolen during the attack included confidential files related to abortions and alcohol-related illnesses.
These attacks don't just show that ransomware is getting worse. They also show that ransomware is a global problem and global action is needed to successfully fight back. In early November, the US government began to move in the right direction, announcing that it will establish an International Ransomware Task Force, or ICRTF, to promote information sharing and capabilities.
"This is a global problem, so governments need to come together," says Camellia Chan, CEO and founder of cybersecurity firm X-PHY. “That being said, collaboration alone will not provide a solution. It's more than signing an agreement."
Fuel tanks can be seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021. The US government declared a regional emergency on May 9, 2021, as the pipeline system of The largest fuel oil company in the US remained largely shut down, two days after a ransomware attack.
This is a view shared among the cybersecurity community: signing deals and sharing intelligence is all very well, but unlikely to deter financially motivated cybercriminals who continue to reap the rewards of these attacks.
To gain ground on cybercriminals who continue to achieve a high success rate, governments need a fresh approach.
More cooperation from governments
"You can't stop the problem," says Morgan Wright, SentinelOne's chief security advisor. “There are numerous examples of transnational criminal ransomware actors and nation-state actors being identified and charged with various crimes. These criminals almost always live in countries that do not have an extradition treaty with the country that issued the indictments.”
“One area where I would like to see more effort is in the area of human intelligence gathering,” Wright added. “We need more penetration of state actors and criminal organizations. Too often, ransomware is seen as a glitch. It is not. It is human greed that uses technology to achieve a final goal.”
This element of greed could also be the subject of further regulation of the cryptocurrency market, which many believe could be on the horizon. after the recent collapse of FTX. Former CISA assistant director Bob Kolasky said that to definitively discourage ransomware actors, governments need to reduce the financial instruments available for their use.
“This includes using regulatory pressure on the cryptocurrency market to make it easier to track and recover ransomware payments,” Kolasky says, a view shared by others.
“We need governments to play a bigger role in blocking cryptocurrency, which is the enabler of attackers' monetization strategies,” agrees David Warburton, director of networking company F5 Labs, noting: “ While decentralized currencies like bitcoin are not inherently bad, nor are they solely responsible for the ransomware epidemic we are facing, there is no denying that they are a huge factor.”
“While control and regulation somewhat defeats the original intent of decentralized currencies, there is no escaping the fact that without Bitcoin, ransomware simply wouldn't exist,” Warburton said.
But the legislation would not work unless it is a global effort, he added: "Many ransomware groups operate from countries that have no motivation to help those who are being attacked."
This is a problem that, like ransomware itself, has been exacerbated by Russia's invasion of Ukraine, which has ended any cooperation between Europe, the US, and Russia on ransomware operations inside Russia. Jason Steer, director of information security at threat intelligence giant Recorded Future, said this is an area that immediately needs more support from global government.
“The focus has decreased significantly in 2022 due to the activities of Russia, from where, in fact, many groups operate safely,” Steer said.
Even if governments join forces to collaboratively combat the growing ransomware problem, it is unlikely to have an immediate effect. Security experts are not expecting a reprieve from ransomware as we enter 2023 as increasingly skilled hackers exploit new attack vectors and continue to reap the financial rewards.
“There are governments that are working to provide more support and resources. But it will never be enough,” says Wright. "Bad actors will always have the upper hand, but we should make them pay off significantly every time an attack is launched."
