This year was full of ransomware. 2021 saw the attack on IT software company Kaseya, which knocked 1,500 organizations offline; the CD Projekt Red hack, in which threat actors got away with source code for games like Cyberpunk 2077 and The Witcher 3; and several high-profile attacks against well-known tech companies, from Olympus to Fujitsu and Panasonic.
It was also the year hackers gained worldwide attention by targeting critical infrastructure, hacking the American oil pipeline system Colonial Pipeline, meat processing giant JBS and the Iowa New Cooperative, an association of farmers who sell corn and soy, to name a few.
After the attacks resulted in prolonged shutdowns, increased oil prices and the threat of food shortages, the US government – after years of inactivity – took notice and scored some rare victories in a once-unsuccessful battle against the ransomware epidemic.
It started in April when the Justice Department created the Ransomware and Digital Extortion Task Force. The move, following what the DOJ called “the worst year” for ransomware attacks, was aimed at making “disrupting, investigating and tracking ransomware and digital extortion activities” a priority. The task force claimed its first victory two months later when the DOJ announced that it had arrested 55-year-old Latvian national Alla Witte and charged her for her role in “a transnational cybercrime organization” behind TrickBot, one of the most famous and widely used banking Trojans and ransomware tools.
An even bigger win came just days later when the DOJ announced it had seized $2.3 million in Bitcoin that Colonial Pipeline had paid the DarkSide ransomware gang to reclaim its data. Since then, the US government has offered a reward of up to $10 million for information that will help identify or track down the leaders of the infamous ransomware group.
At the same time, the Treasury Department announced sanctions against the Chatex cryptocurrency exchange for facilitating ransom transactions, just weeks after it took similar measures against the Suex cryptocurrency exchange.
The biggest win for the task force came in October with its disruption of the infamous REvil ransomware gang. Prosecutors said they had charged a 22-year-old Ukrainian national linked to the gang that orchestrated the July ransomware attack against Kaseya and said they had confiscated more than $6 million in ransom tied to another member of the infamous ransomware group.
The U.S. government’s efforts to target ransomware groups this year have been welcomed by many, particularly for their money-hunting tactics. Chainalysis, a provider of software for analyzing blockchain transactions, praised the Treasury Department’s actions against Suex as a “big win” against ransomware operators and told TechCrunch that dismantling the mechanisms ransomware groups use to cash out their cryptocurrency would be crucial to slowing them down. Morgan Wright, SentinelOne’s chief security advisor, said ransomware gangs will continue to operate and expand unless their main incentive – financial gain – is removed.
“Attackers will always have an advantage because they don’t have to obey rules or laws. However, there are two approaches that could seriously affect the ability of transitional ransomware gangs to achieve their goals – removing the ability to use cryptocurrencies for ransom and machine speed responses to machine speed attacks,” Wright said.
The US government also offered rewards for information about ransomware tactics, such as the $10 million bounty for information about DarkSide and the subsequent reward for information about REvil. “With such high rewards, there is a significant incentive for these criminals to attack each other. This action undermines trust in ransomware as a service partner model,” Jake Williams, CTO of BreachQuest, told TechCrunch.
However, some believe that while the government’s actions have undoubtedly put some off, they are unlikely to deter ransomware gangs who continue to reap the financial benefits.
“While I applaud the efforts of law enforcement to bring those responsible for ransomware attacks to justice, the likelihood of arrest and jail time just doesn’t outweigh the large sums of money made by these criminal groups,” said Jonathan Trull of IT security company Qualys. “Unfortunately, the fight against ransomware is asymmetrical, which means that there simply aren’t enough law enforcement resources around the world to handle the volume and complexity of the investigations required.”
Wright agreed and was unimpressed by the US government’s activities to date: “Arresting two people and getting a few million dollars back is not a victory over ransomware. This is more of a political statement to ‘show’ that something is being done about it. $2.3 million isn’t even worth a rounding error, considering the billions of dollars already lost.”
Likewise, many believe these tactics won’t be enough to stave off the growing ransomware threat as the New Year begins, especially as threat actors adapt their own. Experts predict that the Ransomware-as-a-Service (RaaS) model – in which operators rent their ransomware infrastructure to others for a percentage of the ransom proceeds – will continue to be successful in 2022, which makes it more difficult for law enforcement agencies to track down operators.
Others expect multistage attack chains – breaches that start with a phish and lead to data theft and ultimately ransomware – to become more common, which could allow hackers to infiltrate even the most protected network infrastructures.
The latter, according to Trull, will likely lead the U.S. government to work more closely with the private sector in 2022. “In my opinion, law enforcement alone will not turn the tide. It must be a combination of enforcement actions coupled with dedicated efforts to harden systems, develop and operationalize backups of key data and systems, and an effective response from the private sector.”
While it is clear that more action is needed, the US government is making progress. While a handful of charges were ridiculed by some, they clearly had an impact – particularly on the ability of ransomware groups to advertise and recruit potential partners. As a result of this unwanted attention, ransomware has been banned from several popular hacking forums, leading one group of hackers to create a fake company to get unwitting IT professionals to support its further expansion into the lucrative ransomware industry.
“Ransomware gangs are less welcome in certain cybercrime forums than they used to be,” said Brett Callow, ransomware expert and threat analyst at Emsisoft.