The head of the Canadian Centre for Cyber Security says ransomware attacks are getting more common and sophisticated, with attackers now focused on stealing data and other sensitive information.
“They recognize that over time companies have become a little bit more sophisticated about having backups, so even if they lock the information technology, they can recover it from a backup,” Sami Khoury told the Ottawa Citizen.
“What they’re going after now is information.”
Khoury said just over 300 ransomware attacks were reported to the Canadian Centre for Cyber Security in 2022, about the same number as were reported the year before.
“But I can assure you the real number is nowhere near that,” Khoury said. “The real number might be closer to add a zero maybe to it.”
Takeaway: There is an increasing overlap between cybercriminal and nation-state-supported operations, with ransomware attackers adopting more sophisticated TTPs that include leveraging zero-day exploits and advanced techniques such as DLL side-loading.
It is clear that the majority of ransomware gangs are either loosely affiliated or wholly controlled by the Russian government, with ample overlap between threat actors, tooling, and attack infrastructure.
The Russians are very careful about how they conduct such attacks so they don't trigger an international incident that would elicit a response from the US or its allies.
The strategy here is to use ransomware gangs as a proxy to conduct the attacks in order to maintain plausible deniability and thwart attribution. This is one of the key reasons cyber operations have become such an important aspect of larger geopolitical issues: attribution is hard.
While some measures seem to indicate that ransomware attack volumes waned or significantly decreased in 2022, 2023 attack volume thus far shows that the ransomware problem is not going away any time soon.
Ransomware is still the number one threat to organizations, and the financial impact can be devastating.
Western governments are in a tough position regarding what actions to take to stem this wave of ransomware attacks, namely because there is so much ambiguity in determining root attribution for the attacks.
Ultimately, it's the Russian government that is both providing safe harbor for criminal elements conducting ransomware attacks with impunity and is very likely influencing some of their targeting.
Until the US and allied governments directly sanction the Putin regime for its direct or tacit support, we will not see this spate of ransomware attacks abate any time soon. It's only a matter of time before we see another massively disruptive attack against a critical infrastructure target.