Ransomware Infinity

Ransomware, which was a novelty just a few years ago, is now endemic.  We will have to learn to live with the malicious file-encrypting code, even as we all struggle to limit it.  Why this matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.

Ransomware remained the top cyber threat on the minds of cyber defenders at the recent RSA Conference in San Francisco, the cybersecurity industry's highest-profile annual gathering.

The NSA's director of cybersecurity told reporters during a briefing at RSA that Russian hackers are now weaponizing ransomware in attempted attacks against Ukrainian logistics supply chain companies, as well as organizations in Western-allied countries.[1] Cybersecurity firm Sophos supported this statement in a report released last week, which said that 68% of cyberattacks last year involved ransomware.

An expert cyber panel ran a tabletop exercise on what the federal response to a hypothetical, Iran-backed ransomware attack on U.S. banks in 2025 might look like.

How it works: A ransomware attack typically starts with malicious hackers installing file-encrypting malware onto an organization's networks and then displaying a ransom note on every screen.  To unlock the networks and prevent a leak of any stolen data, ransomware gangs demand payment, often in the form of cryptocurrency.  In recent years, ransomware has infected schools, hospitals, small businesses and more.

Between the lines: Conversations about ransomware at RSA have shifted from viewing it as an easily squashed nuisance to seeing it as a persistent threat.  Following the ransomware attack on Colonial Pipeline in May 2021, US officials were quick to make ransomware a national priority.  Current President Biden even began engaging with Russia to try to get them to crack down on ransomware.  Ransomware now is treated like any other crime that is not expected to be easily solved or to vanish after a couple of key arrests, experts proclaimed. 

Many ransomware operators are based in Russia, where the Kremlin tends to turn a blind eye to cyber criminals targeting Western countries.  Ransomware gangs are well-organized, making them adept at rebranding and reshuffling in the face of law enforcement heat, said the head of research at IBM's X-Force.  Organizations still struggle with basic cyber hygiene to protect themselves.

The Reality.  Government sanctions, Internet server takedowns and criminal arrests have slowly but steadily reduced businesses' willingness to pay ransomware gangs, the chief intelligence officer at Flashpoint said. The number of ransomware attacks dropped 15% between 2021 and 2022, according to recent data from Google-owned threat intelligence firm Mandiant.  But that came after they skyrocketed the year before. 

Ransomware will likely be a constant.

See:  https://redskyalliance.org/xindustry/ransomware-isn-t-going-anywhere

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/550422929596774

[1] https://www.axios.com/2023/04/28/ransomware-attack-cybersecurity-rsa-conference
