This time last year, we were optimistic. It seemed like the tide was turning on ransomware after the U.S. government scored a handful of wins against the cybercriminals carrying out these increasingly damaging attacks: the Justice Department successfully seized $2.3 million in bitcoin that Colonial Pipeline paid to the DarkSide ransomware gang to reclaim its data, and months later it played a part in bringing down the notorious REvil ransomware gang.
Our optimism was short-lived. Despite this action, 2022 looks set to top last year as the worst year on record for ransomware attacks; a recent report shows that attacks have increased by 80% year-over-year and that the cybercriminals responsible for these attacks have easily dodged law enforcement action by taking advantage of ransomware as a service, or by simply rebranding.
“It’s clear that ransomware attacks are on the rise,” Matthew Prince, CEO of Cloudflare, tells TechCrunch. “In September 2022, nearly one in every four respondents to our customer survey reported receiving a ransomware attack or threat, the highest month so far of 2022.”
The worst year for ransomware attacks
2022 hasn’t just been the worst year for ransomware attacks statistically, it has also just been... the worst. While hackers last year focused on critical infrastructure and financial services, this year's focus has been on organizations where they can inflict the most damage.
An attack on the Los Angeles Unified School District saw Vice Society hackers leak a 500 gigabyte trove of sensitive data, including previous conviction reports and psychological assessments of students, while an attack on IT services provider Advanced left the U.K’s NHS scrambling after it was forced to cancel appointments, and staff relying on taking notes with pen and paper.
Perhaps the most devastating attack of 2022 came just weeks ago after attackers breached Australian health insurance giant Medibank and accessed roughly 9.7 million customers’ personal details and health claims data for almost half-a-million customers. Data stolen during the attack included sensitive files related to abortions and alcohol-related illnesses.
These attacks don’t just demonstrate that ransomware is worsening. They also show that ransomware is a global problem and that global action is needed to fight back successfully. Earlier in November, the U.S. government started to take strides in the right direction, announcing that it will establish an International Counter Ransomware Task Force, or ICRTF, to promote information and capability sharing.
“This is a global issue, so governments need to come together,” Camellia Chan, CEO and founder at cybersecurity firm X-PHY tells TechCrunch. “That said, collaboration alone won’t provide a solution. It’s more than signing an agreement.”
Fuel tanks are seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021. The U.S. government declared a regional emergency on May 9, 2021 as the largest U.S. fuel pipeline system remained largely shut down, two days after a ransomware attack. Image Credits: Jim Watson / AFP via Getty Images.
This is a viewpoint shared among the cybersecurity community: Signing agreements and sharing intelligence is all well and good, but it’s unlikely to deter financially motivated cybercriminals that continue to reap the rewards of these attacks.
To gain ground on cybercriminals that continue to achieve a high rate of success, governments need a fresh approach.
More government cooperation?
“You can’t arrest your way out of the problem,” Morgan Wright, chief security advisor at SentinelOne, tells TechCrunch. "There are numerous examples of both transnational criminal ransomware actors and nation-state actors being identified and indicted for various crimes. These offenders almost always live in countries with no extradition treaty with the country that has issued the indictments.”
“One area I would like to see an increased effort is in the area of human collection of intelligence,” Wright added. “We need more penetration of state actors and criminal organizations. Too often, ransomware is viewed as a technical issue. It’s not. It’s human greed that uses technology to achieve an end goal.”
This element of greed could also be targeted by increasing regulation of the cryptocurrency market, which many believe could be on the horizon following the recent collapse of FTX. Former CISA assistant director Bob Kolasky said that in order to discourage ransomware actors for good, governments need to reduce the financial instruments available for them to use.
“This includes using regulatory pressure on the cryptocurrency market to make tracking and recouping ransomware payments easier,” Kolasky tells TechCrunch, a view shared by others.
“We need governments to take a bigger role in blocking cryptocurrencies, which is the enabler of attacker monetization strategies," David Warburton, director of networking company F5 Labs, agrees, telling TechCrunch: “While decentralized currencies, such as bitcoin, aren’t inherently bad, nor solely responsible for the ransomware epidemic we’re facing, there’s no denying they are a huge factor."
"While control and regulation somewhat defeat the original intent of decentralized currencies, there’s no escaping the fact that without Bitcoin, ransomware simply wouldn’t exist,” said Warburton.
Read more on TechCrunch
But legislation wouldn’t work unless it’s a global effort, he said: “Many ransomware groups operate from countries which have no motivation to help those that are being targeted.”
This is a problem that, like ransomware itself, has been worsened by Russia’s invasion of Ukraine, which has ended any cooperation between Europe, the U.S. and Russia on ransomware operations inside Russia. Jason Steer, chief information security officer at threat intelligence giant Recorded Future, said that this is an area that immediately needs more global government support.
“The focus has significantly dropped off in 2022 due to Russia's activities, where in fact many groups operate safely from,” said Steer.
Even if governments joined forces to collaboratively fight the growing ransomware problem, it's unlikely to have any immediate effect. Security experts expect no respite from ransomware as we enter 2023 as increasingly savvy hackers exploit new attack vectors and continue to reap the financial rewards.
“There are governments that are working to provide more support and resources. But it will never be enough,” says Wright. “Bad actors will always have the advantage, but we should make them pay in a significant way every time an attack is launched.”