Ransomware gangs may keep popping up, and the number of ransomware attacks increased in 2021. But if you take a closer look, you'll see rifts in the billion-dollar empire:
A conflict is brewing between ransomware operators and their affiliates that could affect the way ransomware gangs operate and launch attacks in the future.
The rise of ransomware
Ransomware gangs have long gone unpunished. Many operate from Eastern Europe with the consent of their local governments. Despite political pressure from the USA, Russia has done little to change the laws that allow ransomware gangs to operate within its borders. Law enforcement agencies can only arrest cyber criminals if they travel to extradition countries, as happened, for example, with the Kaseya threat actor, who traveled to Poland from Ukraine.
The advent of ransomware as a service (RaaS) created a faster and more profitable business model for cyber gangs with lower entry barriers. RaaS also helped professionalize the ransomware industry, complete with customer service teams and reputation management, as well as additional resources for initiatives such as research and development.
Like Icarus, ransomware gangs are flying too close to the sun, and they will soon be burned.
Playing it fast and loose
The Colonial Pipeline attack in May 2021 is just one example of a ransomware gang playing it too fast and too loose. The ransomware incident, which sparked gas shortages and prompted an official government mandate to curb cybercrime, resulted in more setbacks than expected. DarkSide, the group behind the attack, admitted it didn't want to cause any problems for society and that its only goal was to make money.
Another side effect of the Colonial Pipeline attack was increasing difficulty in recruiting partners, as government action banned ransomware groups from recruiting on high-level Russian underground forums.
Take the smash-and-grab approach
Ransomware gangs are feeling the effects of larger, politicized attacks. More waves may form in the future. Recruiting challenges and political pressure could disrupt operations and ultimately hurt profits, leading ransomware gangs to resort to more caustic smash-and-grab methods.
As ransomware operations accelerate, cyber gangs may increasingly find themselves backed into a corner, and ransomware victims will feel the impact as well. For example, the time between initial infection and encryption could be shortened dramatically, and there could be less room for negotiation.
Whatever the outcome, organizations should be prepared for threat actors to abandon the decency that characterizes the current RaaS industry.
About the author
Mike Behrmann is manager of digital forensics and incident response at Antigen Security. He worked for the National Security Agency for seven years, focusing on directing computer network exploitation operations, and was later assigned to the FBI Detroit Division's Cyber Task Force as a threat analyst. In 2015, he moved into the private sector by joining the NetWorks Group, where he helped build the company's Managed Detection and Response SaaS offering and later became MDR team leader. Most recently, he was Director of Security at Blumira, a SaaS startup for automated threat detection and response. Behrmann has earned numerous global certifications in information security and has advanced degrees in international affairs and information security.