The trend carries on: ransomware attacks continued to make the news in 2021. Extensive security breaches, massive ransom demands, and attacks on companies of all sizes and across a wide range of industries attracted the attention of the media and of regulators, who stepped up their response to these developments in the last quarter of the year. New regulations aim to ensure that companies, and especially their IT and administrative officers, take the threat of ransomware seriously.

The five most important insights from Q4 2021

In-depth knowledge of current ransomware developments is essential for taking action to protect corporate resources.

  1. The U.S. State Department is making the reporting of cybercrime more attractive through bounties.
    The U.S. State Department placed a $10 million bounty on the DarkSide and Sodinokibi ransomware groups in 2021 and a $5 million bounty on associates of these gangs. Issuing a bounty is a proven measure: since 1984, the Department has paid more than $200 million for information that benefited U.S. security.

  2. Cyber insurance companies are taking a more conservative approach.
    In 2021, more and more companies took out cyber insurance because of the ever-increasing number of cyber attacks, which in turn is causing the number of claims against cyber insurance policies to rise. Cyber insurers are adapting as this dynamic continues. Lloyd's of London, for example, no longer covers all types of damage: in the case of cyber warfare or retaliatory cyber activity, indemnities are no longer paid.

  3. Government makes names public.
    In November 2021, the Ukrainian Security Service disclosed the names and positions of five members of a large cybercrime syndicate and their connection to the Crimean branch of the Federal Security Service of the Russian Federation (FSB). Recorded phone conversations in which attacks and internal salaries were discussed were also released. The Ukrainian Security Service states that the group carried out more than 5,000 cyber attacks against the Ukrainian government. Despite the disclosure of this information, the group continued its attacks as tensions between Russia and Ukraine kept escalating; they are currently at their tragic peak.

  4. Sanctions take effect.
    A ransomware group affiliated with Evil Corp - a sanctioned organization - released information in October 2021 that was allegedly stolen from the U.S. National Rifle Association (NRA). The NRA never confirmed this attack, presumably, among other reasons, because an admission would put the organization in a predicament: if it had paid the attackers, the U.S. government could impose sanctions on it.

    Sanctions also affect the behavior of ransomware groups: sanctioned groups are less likely to persuade their victims to pay. But cunning attackers find ways around this problem as well, for example by establishing subsidiaries or offshoots that, to unknowing victims, appear to have no connection with the sanctioned group. Victims who are not aware of the connection between the groups are more willing to pay the ransom and more reluctant to report the attacks publicly. However, if the attacks are uncovered by the relevant authorities, proclaiming one's innocence is usually not enough to avoid consequences and penalties.

  5. Market players in the ransomware economy are coming under fire.
    The opaque web of the ransomware economy includes more than just ransomware operators. In December 2021, researchers linked more than 15 ransomware-related crypto exchanges to a single prestigious skyscraper in Moscow - the tallest in the city, to be exact. The findings fuel security experts' belief that Russian authorities are steering clear of ransomware gangs and of efforts to combat them.

So, where do these findings come in?

Many ransomware operations were audited in the last quarter of the year. Stopping ransomware, however, still seems impossible. If a group is exposed and disbanded, its operators simply create a new brand and continue to use their resources. Ransomware will be around for a long time to come, and the risks for companies that fall victim to it will only increase because of the new sanctions. For this reason, protection against ransomware is an indispensable and mandatory measure for companies.