Ransomware: The Worst is Yet to Come

Even though ransomware attacks declined for the first half of this year, the worst is yet to come, experts say.

As the invasion of Ukraine became imminent earlier this year, the cybersecurity community, both in government and private enterprise, warned of a massive onslaught of cyberattacks on Ukraine and any of its allies. It didn’t happen. In fact, it was Russia that received the brunt of the attacks. Western governments mandated a “shields up” approach and the general public became more aware of cyber hygiene. The positive outcome of all this was a dramatic decrease in ransomware in general.

One unanticipated event of this defensive posturing was a massive impact on the value of cryptocurrency. Even the industry leader Bitcoin lost half of its value at one point. Some experts postulated that this loss in the currency value forced ransomware gangs into hiding, if for no other reason than to regroup and rethink strategies.

Cybercriminal confidence growing

As summer approaches, however, ransomware attacks seem to be on the rise again. Cyber Protection Magazine contacted several experts and asked: are the gangs ramping up again to offset their losses? The answer was a qualified yes.

“I think actors were actually a bit wary of tangling with NATO/EU countries in fear of accidentally being attributed to government actors and getting stomped on,” according to Ian Thornton-Trump, chief information security officer at Cyjax Limited. “The Conti Dox was pretty damaging and probably law enforcement has taken ‘un-announced’ action and is investigating.”

Even though the risk of detection is increasing, Thornton-Trump believes the crypto market will slowly recover and the funds will appreciate in value. Cyjax is working with law enforcement in the United Kingdom and the United States, sharing discoveries the company has made on the current round of attacks.

“It’s not unlikely EUROPOL may be working on this as well. I think, as much as I hate to admit it, that the constant ‘The Cyber Russians are comin'’ did have the effect of promoting quick wins and data recovery (if not actual cyber technology) in hardening some organizations up.”

Cryptocurrency still preferred

Matthew Rosenquist, CISO at Eclipz.io Inc., late last year predicted a slowing of ransomware in the first half of the year and then a sharp increase in the back half. But he doesn’t believe the crypto market decline has had any impact on the ransomware market.

“They use cryptocurrency as a payment mechanism,” he stated. “Fluctuations in price are irrelevant, as long as it is still a reliable method of transferring funds. Some attackers choose to keep gains held in crypto while others sell it off immediately for cash.”

Gerry Kennedy, CEO of Observatory Strategic Management, predicts a rush of cyber-attacks in general once the war begins to wind down. However, they need cash more than cryptocurrency. “Russia is in deep shit economically for now,” he stated. “The cyber capital they possess has been pushed back and they need fiat currency fast.”

Danger to SMEs

The immediate danger the legitimate world faces is complacency, especially in smaller organizations.

Emil Sayegh, CEO of Ntirety, pointed out that government agencies and large organizations have budgets, personnel and policies in place to make attacks more difficult, and that small organizations are not attractive financially. Medium-sized enterprises, however, have greater financial resources and are generally more vulnerable, making them the primary target for ransomware gangs. If they haven’t made a decision on what security tools and services to acquire, he recommended a five-point plan to lower vulnerabilities.

  • Patch everything. Update every known device with the latest software.
  • Identify rogue devices. Many people bring private, un-updated IoT devices to work. Identify and update or block them from the company network.
  • Create a disaster recovery plan before an attack.
  • Train personnel on what to do in the event of an attack, including reporting.
  • Lock down the network with multi-factor authentication, complex passwords and zero-trust.

The last one may be difficult and annoying. But as Sayegh explained, “They’re going to have to trade convenience with security, unfortunately.”

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors and avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.
