Read it Now — 2022 SonicWall Cyber Threat Report
Introduction: 2021: A Turning Point in the War on Ransomware
Five years ago, a debate erupted surrounding the infamous NotPetya cyberattack: Did it constitute an act of war?
This issue continued to be debated in the courts throughout 2021, but on the battlefields of business networks around the world, cybercriminals were launching a full-bore offensive.
Ransomware climbed an unprecedented 105% in 2021, and the explosive growth of strategies such as double and even triple extortion ensured that these attacks were more successful than ever. But as cybercriminals have grown more sophisticated and successful, they’ve also grown more ruthless — many of the high-profile ransomware attacks in 2021 looked more like acts of war than ever before, endangering our food supply, our water supply, our fuel supply, our hospitals and our municipalities.
That the courts ultimately decided cyberattacks such as NotPetya do not, in fact, constitute acts of war is irrelevant: Fed up with cybercriminals growing rich off their constituents, leaders around the world — from the local level to the international stage — have brought the war to them.
The UN Cybersecurity Open-Ended Working Group in March 2021 endorsed a report containing cybersecurity recommendations, the first time that a process open to all countries has resulted in consensus on international cybersecurity.
In May 2021, U.S. President Joe Biden issued a sweeping executive order on cybersecurity, which unifies cybersecurity standards across government agencies, emphasizes zero-trust principles and provides specific timelines for action.
In July, INTERPOL held its forum on ransomware. Advising that effectively preventing and disrupting ransomware would require “adopting the same international collaboration used to fight terrorism, human trafficking or mafia groups,” the group called for police agencies worldwide to form a global coalition with industry partners to stop ransomware’s exponential growth.
But perhaps the biggest testament to the threat ransomware poses to national security is the involvement of the U.S. military. In an interview with The New York Times, U.S. Cyber Command head Gen. Paul M. Nakasone explained that, while he once saw ransomware as the responsibility of law enforcement, attacks such as Colonial Pipeline and JBS represented a big enough threat to the nation’s critical infrastructure to warrant a more aggressive approach.
But this approach likely won’t include boots on the ground — an option that proves challenging given that a vast majority of these ransomware operators are in other countries, most of which are not U.S. allies and tend to only go after cybercriminals when it serves their agenda.
While high-profile arrests of cybercriminals continue, such as the REvil takedown in early 2022, they have been largely ineffective in stemming the tide of ransomware itself. The amount of time and resources required for each bust means that the criminal justice system is unable to keep up with the huge number of ransomware operators. And due to the lucrative nature of ransomware, as soon as one group is taken down, new ones rise to fill the void.
Instead, this approach will look a lot like ransomware operators' most ruthless attacks on civilians: a direct assault on the operators' infrastructure. Pressure is growing on the U.S. government to deploy intelligence and military solutions to attack the servers, networks and other resources used for cybercrime, for disseminating stolen data on the dark web and for storing cryptocurrency payments.
While he refrained from giving details, Nakasone confirmed that the military has taken an offensive stance against ransomware groups. One known example is when Cyber Command assisted in the recovery of millions in ransom that Colonial Pipeline paid to attackers.
Though recoveries such as this have historically been rare, this may be the first in an emerging trend. A major factor credited in this recovery is the work of a recently formed Ransomware and Digital Extortion Task Force. In an interview with Reuters, a senior U.S. DOJ official said the formation of this task force “elevates investigations of ransomware attacks to a similar priority as terrorism.”
As the amount of media attention and government involvement in the wake of high-profile attacks increases, these groups have grown wary, with many lying low or disappearing altogether. This could lead to groups lowering ransom demands in hopes of flying under the radar and continuing to hack another day — which could contribute to fewer attacks if success no longer means netting a life-changing fortune for the entire syndicate.
In other words, in the end, the most lethal shots to ransomware may well be the ones that hit where it hurts most: the wallet.
Read the full 66-page report here: https://www.sonicwall.com/medialibrary/en/white-pa...