Talion is a finalist for Best SIEM Solution for the 4th year in a row


Will Cyber Operations Ever Replace Conventional Conflict Tactics? - Talion

As ransomware attacks continue to increase amidst the global conflict, organisations may question the power of cyber attacks relative to physical warfare. Do cyber operations have the potential to wipe out war as we know it? Will our soldiers and enemies become masks behind a screen?

This #RansomAware Wednesday, we’re looking at the impact of the arrest and extradition of a NetWalker ransomware affiliate, alongside the exploitation of unskilled Ukrainian hackers, and whether the global conflict is promoting or hindering their cyber efforts – questions that have arisen amongst our threat intelligence team as these events have hit the news.


Want to listen instead?

Head over to our Threat Set Radio – Episode #161.


Does Arresting Ransomware Affiliates Reduce Cyber Impact?

Recently, many organisations have been up against the threat of Ransomware as a Service (RaaS) groups: under a subscription model, affiliates use already-developed ransomware tools to execute ransomware attacks. The NetWalker strain, which first made its appearance last year, is responsible for a number of high-profile attacks, including 17 ransomware attacks that caused damages of at least $2.8 million. The affiliate was originally sentenced to 138 months in a Canadian prison; when arrested, he was found with 719 Bitcoin, valued at approximately $28.1 million. In January of this year, he was extradited to the US to face additional charges.




There are 2 key points worth noticing in the above scenario:

  1. The efforts of law enforcement to arrest these affiliates – this is vital to deter individuals from joining RaaS groups going forward, as affiliates will be wary of hefty charges if caught.
  2. Affiliates are extradited to face their charges – many are questioning Putin’s motives behind arresting the REvil affiliates. Was it a strategic move? Is he utilising them towards his own hybrid warfare tactics?


Overall, it seems that the arresting of ransomware affiliates is having a positive impact; many operations shut down and went extremely quiet, due both to the attention of law enforcement and to the question of whether these operations are worth the risk for affiliates. Cyber operations are perhaps losing their initial power to government constraints.


Exploitation of Unskilled Ukrainian Hackers

Whilst the arresting of ransomware affiliates may cause hesitation over future cyber operations, there is still clear evidence that threat groups are taking advantage of the conflict in Ukraine to exploit unskilled Ukrainian hackers. SEO poisoning techniques have been deployed on open-source sites advertising DDoS tools that target Russian or pro-Russian websites. An Advanced Persistent Threat (APT) group has been identified on Telegram selling a DDoS tool intended for use against Russian websites. However, once deployed by unwitting users, the installed stealer malware infects the user instead of the intended target.

The above is a prime example of cyber criminals being opportunistic in taking advantage of the conflict for their own monetary gain, whether that is through themed email lures on news topics, or malicious links purporting to host relief funds or refugee support sites. Without conventional warfare, cyber criminals would not have the same advantages.


The Spread of Misinformation

Whilst cyber-attacks, such as ransomware, are prevalent, there is no denying that investment is also heavily focused on the spread of disinformation over hacking attempts.

  • Russia have accused Ukraine of stockpiling chemical and biological weapons – a fake claim that perhaps foreshadows their own capabilities
  • FancyBear, who works for the Russian intelligence services, is focusing on compromising media outlets to skew the spread of legitimate news and promote fake news – destructive attacks are not being observed




It is clear that law enforcement is making progress in fighting off RaaS groups with arrests and extraditions, but threat groups are not disappearing anytime soon. Cyber operations and conventional warfare seem to go hand in hand – when war is at play, cyber criminals exploit individual vulnerability for their own monetary gain. It only takes one global event to set up their perfect attack environment.

Organisations must, therefore, be extra vigilant when receiving unsolicited emails and information regarding the Ukraine conflict. Is it from a reliable source? Are the links trustworthy?




To join us in further discussion, head over to our #RansomAware page for more insight into fighting ransomware, and don’t forget to join our LinkedIn group too.
