Cybersecurity: Ransomware is marking time

After a record year in 2023 in terms of both the number of attacks and the amounts extorted from victims, ransomware has been in decline since the start of 2024, with major police operations destabilizing cybercriminal networks, according to several experts.

“In the first four months of 2024, the number of publicly reported incidents related to “ransomware” [“rançongiciels” en français] “has decreased compared to the first four months of 2023,” Allan Liska, a cybersecurity expert at Recorded Future, told AFP.

This type of malware exploits security flaws in a company, public building, community or individual to encrypt and block their computer systems, demanding a ransom to unlock them.

Particularly lucrative for hackers, these attacks are devastating for victims who, even when they end up paying, can see their data stolen and resold in the “dark web“, or in the depths of the internet.

In its Q1 2024 Internet Security Report, US cyber defense specialist WatchGuard also observed a 23% decrease in ransomware attacks compared to the end of 2023.

Cleaning

After a lull in 2022, the number of attacks using this type of malware had seen a sharp increase last year.

The emerging French cybersecurity company Cybelangel reported a 40% jump in one year, while the American company Chainalysis, a specialist in the study of cryptocurrency transactions, estimated the sums paid by victims at more than $1.1 billion, “a record level”.

This is why these ransomware programs are in the sights of the authorities of many countries, who have carried out large-scale actions in recent months.

In February, the LockBit group was dismantled by an international police operation. According to Allan Liska, it accounted for up to 30% of ransomware attacks in recent years.

In late May, a nationwide sweep dubbed “Endgame” took down more than a hundred servers that played a major role in deploying malware.

“All of these operations have had a real impact on the ransomware ecosystem,” operations destabilizing cybercriminal actions and creating confusion between different hacker groups, says the Recorded Future expert.

“There is a sort of cleaning up of the “ransomware” scene that has taken place,” notes Nicolas Raiga-Clemenceau, cybersecurity expert for the firm XMCO, “which has allowed a certain number of new groups to appear and structure themselves.”

Although there are more than a dozen of them, including RansomHub and Hunters International, it is difficult to know whether their power to cause harm will be as strong as their predecessors.

“Physical consequences”

However, “some of these young groups [opérant des] Ransomware, such as Scattered Spider, threatens to resort to “new, more violent tactics,” notes Allan Liska.

“The data stolen by hackers may include the address of the CEO or the head of IT security. [d’une entreprise] […] and when negotiations fail, the consequences might become not just digital, they might become physical,” he adds.

For Luis Delabarre, the decline in ransomware can also be explained by increased investment by companies in more efficient defense systems.

“We are now seeing the benefits of a year 2023 that was very delicate and difficult on the ransomware side,” notes the expert from the cybersecurity company Nomios. “Decisions were made on budgets and the Olympic Games were an accelerator.”

While the Paris Olympics (July 26 – August 11) do not in themselves constitute a particularly delicate target for this type of attack, the 15 million visitors expected in the capital are whetting the appetite of cybercriminals, who have already launched phishing campaigns in the form of, for example, fake online lotteries to win tickets; that is, a way of deceiving Internet users to recover personal data and identifiers, often a first step before launching a larger-scale attack.

But all the experts interviewed by AFP are unanimous: ransomware attacks risk rebounding quickly, probably even before the end of the year.

“There is so much money to be made that they [les pirates] “They’re not going to stop anytime soon,” warns Allan Liska.