Chris Swagler | November 22nd, 2022

This time last year, people were optimistic. It appeared that the tide was turning on ransomware after the United States government scored victories against cybercriminals that carried out increasingly damaging attacks, including the Justice Department seizing $2.3 million in bitcoin paid by Colonial Pipeline to the DarkSide ransomware group to recover its data. Additionally, the government played an important role in bringing down the notorious REvil ransomware group. Despite this action, 2022 appears to be the worst year on record for ransomware attacks. Threat intelligence reveals that attacks have increased by 80%, and the cybercriminals responsible for the attacks have avoided law enforcement action by using ransomware-as-a-service or rebranding themselves.

Even though threat operators focused on critical infrastructure and financial services last year, their focus this year has been on companies where they can cause the most damage. The cyberattack by Vice Society threat operators on the Los Angeles Unified School District saw the group leak 500 gigabytes of sensitive data, including previous conviction reports and psychological assessments of students. The cyberattack on IT services provider Advanced left the United Kingdom’s NHS scrambling after it had to cancel appointments and staff had to rely on taking notes with pen and paper. The most devastating cyberattack in 2022 was the breach of the Australian health insurance giant Medibank, in which threat operators accessed 9.7 million customers’ personal details and health claims data for 500,000 customers.

These cyberattacks not only show that ransomware is getting worse; they demonstrate that ransomware is a global problem that requires global action to successfully fight back. The United States government is taking steps in the right direction by establishing an International Counter Ransomware Task Force, or ICRTF, to promote information and capability sharing. Signing agreements and sharing intelligence is fine; however, it won’t prevent financially motivated cybercriminals from profiting from these attacks. Governments need a new method to gain ground on cybercriminals who continue to be successful. Numerous transnational criminal ransomware actors and nation-state actors are being identified and charged with various crimes. However, the offenders always seem to live in countries that have no extradition treaty with the countries issuing the indictments.

One area that can improve is human intelligence collection; more penetration of state actors and criminal organizations is required. Ransomware is too often regarded as a technological problem. However, it’s humans using this technology to achieve an end goal, and the element of greed can be targeted by increasing cryptocurrency market regulation, which many believe can be on the horizon after the collapse of FTX. To permanently discourage ransomware actors, governments need to limit the financial instruments available to them. The limits include utilizing regulatory pressure on the cryptocurrency market to make tracking and recouping ransomware payments easier. Governments need to play a bigger role in blocking cryptocurrencies, which are allowing threat operators to monetize strategies. Even though decentralized currencies, including bitcoin, aren’t inherently bad or responsible for the ransomware epidemic companies are facing, they’re a huge factor.

Even though control and regulation undermine the original intent of decentralized currencies, there’s no denying that ransomware would not exist to its current extent without bitcoin. However, laws won’t be effective unless there’s a global effort, and numerous ransomware groups operate from countries that have no intention of assisting those who are being targeted. The problem has worsened due to Russia’s invasion of Ukraine, which has terminated all collaboration between Europe, the United States, and Russia on ransomware operations within Russia, a situation that urgently requires additional global government support. Attention has eased drastically in 2022 because of the activities of Russia, where numerous groups operate safely. Even if governments banded together to combat the expanding ransomware problem, it’s unlikely to make an immediate impact. As we enter 2023, there’ll be no reprieve from ransomware as increasingly adept threat operators continue to use new attack vectors and reap financial rewards.

Governments are continuously working to provide more assistance and resources. Threat actors are always looking to gain an advantage, and governments need to make them pay dearly every time they launch an attack. Additionally, global companies need to always remain alert to the current threat landscape and regularly update their network security infrastructure. At SpearTip, our certified engineers work 24/7/365 at our Security Operations Center, monitoring companies’ data networks for potential ransomware threats and ready to respond to incidents at a moment’s notice. Our remediation experts focus on restoring companies’ operations, reclaiming their networks by isolating malware, and recovering business-critical assets. The ShadowSpear Platform, our cutting-edge integrable managed detection and response tool, uses comprehensive insights through visualization to detect unknown and advanced ransomware threats.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.