29th May 2022
US-Russia collaboration led to breakup of REvil ransomware group at start of year, but reappearance of gang and Ukraine conflict suggest decline may be short-lived.
National Security Agency cybersecurity director Rob Joyce revealed that global ransomware attacks have decreased in recent months, as a potential result of sanctions against Russia. According to Databarracks, attacks are likely to rise again soon due to the breakdown in international cooperation caused by the Russia-Ukraine conflict.
Barnaby Mote, managing director at Databarracks, comments: “International cooperation is a necessity for policing ransomware. One of the causes of ransomware’s growth is that some states turned a blind eye to ransomware gangs, as long as they did not target local victims.
“The Ransomware Task Force outlined clearly what needs to be done to address the issue: ‘…exert pressure on nations which are complicit, or refuse to take action against domestic ransomware groups.’ We saw the benefits of this approach with REvil earlier in the year. The group was broken up and several members were arrested in Russia following pressure from the US to take action.
“As relations with Russia are at rock bottom, there are already signs REvil is active again, with some speculating that Russian authorities released those arrested at the start of the year.”
According to Mote, the uncertain outlook means businesses should be prepared for a new surge in ransomware attacks.
He added: “You can’t rely on international diplomacy to keep a lid on ransomware in the best of times, so it’s even less sensible to do so now. If you want to be able to reject a ransomware demand, you need to be prepared to recover your data yourself.
“Protection from ransomware covers all aspects of cyber security from user awareness training and patching through to incident response and recovery.
“The NCSC has issued guidance on ‘Actions to take when the cyber threat is heightened’. We would also recommend the NIST’s Cybersecurity Framework. Preventing an attack altogether is obviously preferable but it is not guaranteed. Rapid detection and response can significantly limit the damage and minimise the scale of the recovery effort.
“The last line of defence is always to recover from backups. Advanced ransomware attacks now will either target backups directly or will delay detonation to outlast shorter backup retention policies. Protect your backups using immutable storage and physical or logical air-gaps to prevent them from being changed or encrypted.”