As ransomware attacks continue to increase amidst the global conflict, organisations may question the power of cyber attacks in relation to physical warfare. Do cyber operations have the potential to wipe out war as we know it? Will our soldiers and enemies become masks behind a screen?
This #RansomAware Wednesday, we’re looking at the impact of the arrest and extradition of a NetWalker ransomware affiliate, alongside the exploitation of unskilled Ukrainian hackers, and whether the global conflict is promoting or hindering their cyber efforts – questions that have arisen amongst our threat intelligence team as these events have hit the news.
Want to listen instead?
Head over to our Threat Set Radio – Episode #161.
Recently, many organisations have been up against the threat of Ransomware as a Service (RaaS) groups. Under this subscription-based model, affiliates use already-developed ransomware tools to execute ransomware attacks. The NetWalker strain, which first made its appearance last year, is responsible for a number of high-profile attacks, including 17 ransomware attacks that caused damages of at least $2.8 million. The affiliate was originally sentenced to 138 months in a Canadian prison; when arrested, he was found with 719 Bitcoin, valued at approximately $28.1 million. In January of this year, he was extradited to the US to face additional charges.
There are 2 key points worth noticing in the above scenario:
Overall, it seems that the arrest of ransomware affiliates is having a positive impact; many operations have shut down or gone extremely quiet, partly because of law enforcement attention and partly because affiliates are questioning whether these operations are worth the risk. Cyber operations are perhaps losing their initial power to government constraints.
Whilst the arrest of ransomware affiliates may cause hesitation over future cyber operations, there is still clear evidence that threat groups are taking advantage of the conflict in Ukraine to exploit unskilled Ukrainian hackers. SEO poisoning techniques have been deployed on open-source sites advertising DDoS tools that target Russian or pro-Russian websites. An Advanced Persistent Threat (APT) group has been identified on Telegram selling a DDoS tool intended for use against Russian websites; however, once deployed by unwitting users, the installed stealer malware infects the user instead of the intended target.
The above is a prime example of cyber criminals being opportunistic in taking advantage of the conflict for their own monetary gain, whether that is through themed email lures on news topics, or malicious links purporting to host relief funds or refugee support sites. Without conventional warfare, cyber criminals would not have the same advantages.
Whilst cyber-attacks, such as ransomware, are prevalent, there is no denying that investment is also heavily focused on the spread of disinformation over hacking attempts.
It is clear that law enforcement is making progress in fighting off RaaS groups with arrests and extraditions, but threat groups are not disappearing anytime soon. Cyber operations and conventional warfare seem to go hand in hand – when war is at play, cyber criminals exploit individual vulnerability for their own monetary gain. It only takes one global event to set up their perfect attack environment.
Organisations must, therefore, be extra vigilant when receiving unsolicited emails and information regarding the Ukraine conflict. Is it from a reliable source? Are the links trustworthy?
To join us in further discussion, head over to our #RansomAware page for more insight into fighting ransomware, and don’t forget to join our LinkedIn group too.