The year the tide turned on ransomware - TechCrunch

The year the tide turned on ransomware TechCrunch

This year was fill with ransomware. 2022 saw the attack on IT software company Kaseya hit 1,500 offline groups, the Projekt Red CD hack which saw threat actors make it off with source code for games including Cyberpunk 2077 and The Witcher 3, and several high-profile attacks aimed at tech big name companies, from Olympus to Fujitsu and Panasonic.

It was also the year that grabbed global attention with a focus on critical infrastructure, slowing down the American Colonial Pipeline oil pipeline system, JBS meat processing giant and Iowa New Cooperative, an alliance of farmers who selling corn and soy, to name just a few.

After the attacks came a long shutdown, inflated oil prices and running the risk of food shortages, the U.S. government began to take notice - after years of activity - and seized some rare advantages in battle. which was once inaccessible against ransomware epilepsy.

It began in April when the Department of Justice set up the Ransomware and Digital Extortion Action Group. The move, which followed what the DOJ described as "the worst year" for ransomware attacks, aimed to prioritize "ransomware rioting, investigation, and prosecution and digital extraction activity." The action group announced its first victory two months later when the DOJ announced that it had arrested Alla Witte, a Latvian national, for his role in a "transcendent cyber agency". national ”was behind TrickBot, one of the best - known banking trojans and widely used ransomware tools.

An even bigger win came just days later when the DOJ announced it had seized $ 2.3 million in bitcoin paid by Colonial Pipeline to ransomware group DarkSide for retrieving their data. Since then, the U.S. government has offered a reward of up to $ 10 million for information that will help identify or locate the leaders of the notorious ransomware group.

Meanwhile, the Treasury announced sanctions against the Chatex cryptocurrency exchange for enabling spy transactions, just weeks after a similar action was taken against the Suex crypto exchange.

The biggest gain for the Action Group came in October with the collapse of the acclaimed ransomware group REvil. Prosecutors announced they had charged a 22-year-old Ukrainian national with ties to the group that ordered the July ransomware attack against Kaseya, and said he seized more than $ 6 million in ransom linked to another member of the celebrity ransomware group.

The U.S. government 's efforts to target ransomware groups this year have been praised by many, especially for pursuing the money. Chainalysis, a provider of blockchain trading analytics software, praised the Treasury's action against Suex as a "huge win" against ransomware operators, telling TechCrunch that it would be critical for the tools to go ransomware organizations reduce cash out of their cryptocurrency. Morgan Wright, chief security adviser at SentinelOne, said without removing the main incentive - financial gain - ransomware gang groups will continue to operate and expand.

"Attackers will always benefit by not having to follow the rules or the law. However, there are two approaches that can adversely affect the ability of transition ransomware organizations to achieve their goals - removing the ability to use cryptocurrency for ransoms and machine speed responses to attacks. machine speed, ”Wright said.

READ  You are just as good as a cybersecurity expert at seeing phishing email

The U.S. government was also offering rewards for information on ransomware tactics, such as the $ 10 million bounty for information on DarkSide, and the subsequent reward for intel on REvil. "With such huge rewards, it is a great incentive for these criminals to turn around. This action weakens trust across the ransomware as a connected service model, ”Jake Williams, CTO at BreachQuest, told TechCrunch.

But some believe that while government actions have undoubtedly frightened some, ransomware groups are unlikely to be discouraged from continuing to reap financial benefits.

“While I applaud law enforcement efforts to bring those responsible for ransomware attacks to justice, it does not appear that arrest and jail time are just greater than the large sums of money that the criminal organizations are committing. does that, ”said Jonathan Trull of Qualys, an IT security company. “Unfortunately, the battle against ransomware is very unfair, meaning that there are not enough law enforcement resources around the world to deal with the scale and complexity of the investigations required. ”

Wright agreed, and so far the US government has so far done: "Capturing two ransomware and getting back a few million dollars is not a win over ransomware. This is more of a political statement to 'show' that something is being done about ransomware. $ 2.3 million is not even worthy of a collection error when you look at the billions of dollars already lost. ”

Similarly, many believe that these tactics are unlikely to be enough to stop the ransomware threat as we enter the new year, especially as threat actors are changing their ransomware. some own. Experts believe that the ransomware-as-a-service (RaaS) model will continue - in which operators outsource their ransomware infrastructure to others as a return for a percentage of the ramomware money - succeeding in 2022, making it more difficult to enforce the law. find operators.

Others expect multi-level attack chains - the breaches that start with phish and lead to data theft and eventually ransomware - to become more common, which could allow hackers into even the most secure network infrastructures.

The latter is likely to lead to the U.S. government cooperating more closely with the private sector in 2022, according to Trull. "In my opinion, law enforcement alone is not going to turn the tide. It must be a combination of enforcement actions combined with specific efforts to harden systems, improve the backup of key data and systems, and an effective response from the private sector. ”

While it is clear that more action is needed, the US government is making progress. While some allegations have been ridiculed by some, it is clear that it has had an impact - particularly on the ability of ransomware organizations to advertise and hire affiliates. As a result of this unwanted attention, ransomware was banned from several popular hockey forums, leading to one hockey agency setting up a fraudulent company to lure unwilling IT experts in to support continued expansion into the ransomware profit industry.

"Ransomware groups are less welcome on some cyber forums than they once were," said Brett Callow, a ransomware expert and threat analyst at Emsisoft.

Related Posts

Deja una respuesta

Tu dirección de correo electrónico no será publicada.


We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information