The number of ransomware attacks has gone down in recent months because sanctions against Russia are making it harder for cyber criminals to organise attacks and receive ransom payments, Rob Joyce, director of cybersecurity at the National Security Agency (NSA), has revealed.
Some of the most significant ransomware events of the past year have hit targets in the United States, including the Colonial Pipeline ransomware attack, which restricted gas supplies for large parts of the country – and resulted in a ransom payment of millions of dollars being paid to cyber criminals.
“Ransomware is a huge aspect of where we learned cybersecurity is national security. And we’re seeing the criminal element push through and impacting not only the businesses, but all the way into governments and society at large,” said Joyce, speaking at the National Cyber Security Centre’s (NCSC) Cyber UK event in Newport, Wales.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Many of the most notorious ransomware gangs are suspected to run out of Russia – and Joyce suggested that sanctions against Russia because of the invasion of Ukraine are making life difficult for cyber criminals based in the country, which has led to a reduction in attacks, at least for now.
“One interesting trend we see is, in the last month or two, ransomware is actually down. There’s probably a lot of different reasons why that is, but I think one impact is the fallout of Russia-Ukraine,” said Joyce.
“As we do sanctions and it’s harder to move money and it’s harder to buy infrastructure on the web, we’re seeing them be less effective – and ransomware is a big part of that,” he added.
But even if there’s been a reduction in ransomware attacks, it doesn’t mean the issue has suddenly disappeared – as shown by the number of organisations that continue to fall victim to ransomware attacks.
In many cases, victims of ransomware attacks still feel as if they’ve got no choice but to pay a ransom to cyber criminals for the decryption key required to retrieve their encrypted files – despite warnings from cybersecurity agencies and the authorities that this only encourages further ransomware attacks.
There are steps that organisations can take to improve cybersecurity and bolster their defences against ransomware and other attacks.
Some of the steps recommended by NCSC include applying security patches and updates in a timely manner to stop cyber criminals exploiting known vulnerabilities and to roll out multi-factor authentication to all users to provide an extra barrier against intrusions.
It’s also recommended that organisations are aware of who and what is on their networks, so suspicious activity can be detected quickly, are regularly backing up their data, and that an incident response strategy is in place, so there’s a plan about what to do in a worst-case scenario.