According to federal officials, cybersecurity experts, and blockchain companies, ransomware, a hacking epidemic that has damaged hospitals, schools, and public infrastructure, saw a sharp decline in extortion payments last year.
After skyrocketing for years, both the amount of money paid to ransomware perpetrators and the likelihood that a victim would hand over the ransom fell in 2022. With ransomware, hackers encrypt hard drives and lock up a victim's computer network until the victim pays.
The cybersecurity division of Google Inc., Mandiant, reported a 15% decrease in ransomware breaches in 2022 compared to 2021. Another American cybersecurity company, CrowdStrike Holdings Inc., reported a drop in average ransom demands from $5.7 million in 2021 to $4.1 million in 2022, which the company attributed to the dismantling of significant ransomware gangs, including arrests, and a decline in the value of cryptocurrencies. Ransoms are typically paid in cryptocurrency.
According to Chainalysis Inc., a blockchain analytics company, payments to ransomware groups fell by 40% last year and totaled $457 million. This is $309 million less than the total for 2021.
According to Deputy Attorney General Lisa Monaco, "it shows the transition we have made to a posture where we're on our front foot. We are concentrating on making sure we are taking every precaution to stop the attacks from happening in the first place."
Better corporate security procedures have slowed the hacking gangs responsible for ransomware outbreaks. Federal officials have also tried innovative strategies to help victims avoid paying ransom demands. Asset seizures have dismantled major ransomware gangs, one of which recently had layoffs, according to cybersecurity experts.
The evidence of improvement only covers one year of a decline and might be an anomaly. While some hacking techniques may become obsolete, hackers themselves rarely go unnoticed for very long. When ransomware offenders looked for easier targets in 2022, some businesses and experts said they observed a worsening outlook in some industry sectors.
According to government representatives and businesses engaged in addressing ransomware infections, U.S. government sanctions against ransomware operators have served as a deterrent. The FBI has been successful in recovering ransomware payments, including $2.3 million paid during an incident in 2021 that caused the Colonial Pipeline, a significant gasoline pipeline to the United States eastern coast, to be shut down. And last month, the FBI said that by breaking into servers controlled by the Hive ransomware gang and giving away the group's decryption keys, used to reverse the effects of ransomware, for free, it had prevented $130 million in potential ransomware earnings from occurring in 2017.
Yelisey Bohuslavskiy, chief research officer at the threat intelligence company Red Sense LLC, claims that in the fall, some 45 call-center employees were let go by former members of the Conti ransomware group.
He claimed that although the call centers had been employed as part of a scheme to trick potential victims into installing remote-access software on networks that would later become infected with ransomware, they wound up going out of business.
Businesses have also improved their cybersecurity procedures as a result of insurance underwriters' expectations and a greater comprehension of the dangers of ransomware as a result of high-profile assaults. Business continuity and backup software, which enables computer systems to resume after being infected, is being purchased by businesses at a higher rate.
According to Coveware Inc., which assists victims in defending against ransomware incursions and has handled thousands of instances, U.S. businesses are more capable of recovering from ransomware assaults than they were four years ago thanks to increased backups.
In 2014, 85% of ransomware victims paid their assailants in the end. That percentage is currently 37%, according to Coveware Inc. Acting CEO Bill Siegel. Hackers are seeking more profitable targets as more victims refuse to pay. According to Mr. Siegel, the average ransomware payout in the last quarter of 2022 was just over $400,000, an increase from over $300,000 in the final quarter of 2021.
Cybercriminals with a financial incentive "will go where the prospects are profitable," he warned.
It's believed that some business sectors have endured more harm in recent months. According to security company Dragos Inc., which specializes in the cybersecurity of industrial systems, ransomware attacks against industrial enterprises, including manufacturing, food and beverage, and energy industries, surged in 2022.
During the past two years, Ms. Monaco and other law enforcement officials have advocated for a shift away from merely accusing foreign hackers, who might never set foot in a courtroom. Instead, they devote resources to stopping cyberattacks before they can cause more harm, a strategy they have compared to actions taken to fight terrorism after the attacks of September 11, 2001.
Speaking on Friday at the Munich Cyber Security Conference, Ms. Monaco stated, "We needed to shift our orientation...to one where we are putting prevention first, disruption first, and placing victims at the core of our approach." "That implies we're attempting to undermine ransomware criminals' economic viability."
Following the 2021 Colonial Pipeline attack, the Biden administration started classifying ransomware as a national-security issue, changing its previous perception of it as more of a criminal annoyance. President Biden began urging Russian President Vladimir Putin to restrict ransomware assaults from Russia after other significant ransomware attacks that summer that were all connected to Russian-speaking criminal hackers.
The rate of Russian ransomware attacks on American firms appeared to briefly slow at the start of the war a year ago, according to U.S. officials and cybersecurity experts, Trade Algo previously reported. At the time, it was unclear whether the fall indicated a sustained improvement or only a short-term disturbance brought on by the war. Russian officials have refuted U.S. claims that they are complicit in or condone cybercrime.
According to experts, financially driven hackers may switch from ransomware to other attack methods including schemes to steal payment card information.
According to Adam Meyers, senior vice president of intelligence at CrowdStrike, "just because traditional ransomware has slowed pace doesn't imply threat actors have."