Ukraine war cuts ransomware as Kremlin co-opts hackers
The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cybersecurity company has said.
Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyberattacks on Ukraine, according to Digital Shadows.
“[The war] is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” said Riam Kim-McLeod, a threat intelligence analyst at Digital Shadows.
Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.
The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs, Kim-McLeod said.
Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals.
“The group is increasingly inviting resentment from competing threat groups and possibly former members,” said Kim-McLeod.
She explained that some cybercriminals’ servers went offline in September after what appeared to be an attack from competitors, saying: “In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.”
Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.
US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).
British businesses don’t feature highly on lists of commonly targeted countries, but some research suggests that when targeted, they are likely to pay out. Four fifths of targeted British companies gave in to ransomware criminals’ demands during 2021, according to Israeli cyber security company Proofpoint.
Lockbit is thought to be a Russian or Eastern Europe-based criminal collective. The gang’s members were behind a cyberattack in August that briefly knocked the NHS’s 111 non-emergency phone number offline.