Ukraine war cuts ransomware as Kremlin co-opts hackers
THE Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.
Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being coopted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows.
“[The war] is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” said Riam Kim-McLeod, a threat intelligence analyst at Digital Shadows. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.
The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs, Kim-McLeod said. Researchers said the Lockbit gang, who recently hit LSElisted car retailer Pendragon with a $60m (£53m) ransom demand, were the target of attacks from underworld rivals.
“The group is increasingly inviting resentment from competing threat groups and possibly former members,” said Kim-McLeod.
She explained that some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors, saying: “In the world of cyber criminality, it is not uncommon for tensions to flare among rivals.”
Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.
US-based cyber-security company Palo Alto Networks, however, warned the average ransom payment it saw in the early part of this year was $925,000.
British businesses do not feature highly on lists of targeted countries but some research suggests that when targeted, they are likely to pay out. Four fifths of targeted British companies gave in to ransomware criminals’ demands during 2021, according to Israeli cyber-security firm Proofpoint.
Lockbit is thought to be a Russian or eastern Europe-based criminal collective. It was behind a cyber attack in August that briefly knocked the NHS’s 111 non-emergency phone number offline.