For ransomware groups, the golden age may be over

After several years of rampant growth and huge profits, the golden age may be over for computer ransomers, who are facing more resistance.

A scourge that has caused billions of dollars of damage on the planet, ransomware blocks access to the data of victims, who can no longer use their computers. The decryption key is delivered by hackers in exchange for a ransom.

“I don’t know if we have reached a peak, but the acceleration is decreasing”, explained in December before the French deputies Guillaume Poupard, the director general of the National Agency for the Security of Information Systems.

Since then, several clues have come to corroborate the idea of ​​a plateau, or even a decline in the effectiveness of ransomware groups, which are mostly Russian-speaking.

According to figures from the Paris prosecutor’s office, which has shared national jurisdiction over these cases, the number of ransomware investigations fell to 420, after falling from 17 in 2019 to 496 in 2021.

And globally, the amounts paid by victims to hackers fell 40.3% in 2022, to $456.8 million, the lowest level in 3 years, according to figures released Thursday by Chainalysis, a company American specialist in the study of cryptocurrency transactions.

“This figure is credible”, because large companies are now better protected against the threat of ransomware, and have “become less easy to attack”, told AFP Gerome Billois, “cybersecurity” partner at the consulting firm Wavestone.

“There is a displacement of the threat towards targets” smaller, medium-sized company, SME, local authorities, hospitals, he continues.

These targets are much less juicy for the attackers, since either their means are limited, or they cannot pay, like public institutions, he explains.

“But the preparation time for an attack is the same whether you are attacking a network of 1,000 computers or a network of 50,000 computers,” he recalls.

Expert in threat knowledge at Thales, Ivan Fontarensky confirms that “ransomware attacks have not increased in 2022, they have even decreased in Europe”.

But for all that, the fall in ransoms detected by Chainalysis leaves him skeptical: “I would not speak of a reduction” in ransomware but “rather of stabilization”.

“Victims are increasingly negotiating their ransoms,” he said. It is likely that some hackers are also now engaged in attacks that are more “political” than financial, in connection with the Russia-Ukraine war, he adds.

– “Extravagances seem far away” –

“Continued pressure from the authorities with numerous arrests” and “multiplying non-payment instructions” also play a role in this “slowdown” on the ransomware front, notes David Grout, one of the European officials. of the American cyber defense specialist Mandiant.

Valery Marchive, a specialist journalist at MagIT who systematically monitors the activity of ransomware groups, explains for his part that “particularly low ransom demands could be observed in 2022”.

“Extravaganzas” of hackers asking for up to $50 million in 2021 “seem far away” when last September affiliates of the LockBit 3.0 group “just asked for $2,800,” he notes.

“The watchword” for pirates “now seems to be to make sure you get paid, even if the amount obtained is relatively moderate,” he said.

Despite this relative lull, cybercrime remains extremely dangerous, repeat all the experts.

“Frauds in NFTs” (digital certificate of authenticity based on the blockchain) “and in decentralized finance” (financial operations in cryptocurrencies) “generate a lot of dollars, not to mention the compromise of professional emails” and their procession of scams and scams, recalls Loïc Guezo, secretary general of Clusif (French association of cybersecurity professionals).

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.