Ransomware to run rampant again

The high frequency of country-specific ransomware attacks experienced in 2022 is likely to continue next year, according to the MIT Technology Review.

This year, it said, other than the usual corporations, hospitals, and schools, government agencies in Costa Rica, Montenegro and Albania all suffered damaging ransomware attacks too. 

In Costa Rica, the government declared a national emergency, a first after a ransomware attack. And in Albania, the government expelled Iranian diplomats from the country—a first in the history of cybersecurity—following a destructive cyberattack.

These types of attacks were at an all-time high in 2022, a trend that will likely continue next year, the periodical noted, quoting Allan Liska, a researcher who focuses on ransomware at cybersecurity firm Recorded Future.

“[Ransomware is] not just a technical problem like an information stealer or other commodity malware. There are real-world, geopolitical implications,” he said. 

However, MIT added that it is not all bad news on the ransomware front: according to Liska, there are some early signs that point to “the death of the ransomware-as-a-service model,” in which ransomware gangs lease out hacking tools. The main reason, he said, is that whenever a gang gets too big, “something bad happens to them”.

For example, the ransomware groups REvil and DarkSide/BlackMatter were hit by governments; Conti, a Russian ransomware gang, unravelled internally when Ukrainian researcher leaked internal chats; while the LockBit crew also suffered the leak of its code.

“We are seeing a lot of the affiliates deciding that maybe I don’t want to be part of a big ransomware group, because they all have targets on their back, which means that I might have a target on my back, and I just want to carry out my cybercrime,” Liska added.