Bit of good news in the security space — ransomware attacks dropped 37% in December, per the NCC Group’s Strategic Threat Intelligence Team. This is thought to be seasonal — and in fact, due to the hackers taking time at the holidays too.
Also good news, ZDNet is reporting that a new level of paranoia is hitting ransomware operators as evidenced in communications on forums. The recent arrests in Russia have caused a sentiment change. This is a big change. I have no desire to go to jail,” wrote one forum member.
“In fact, one thing is clear, those who expect that the state would protect them will be greatly disappointed,” said another.
Of course, that hasn’t stopped all of them. The FBI is warning about the Diavol ransomware, connected to the TrickBot Group. The FBI is warning about extortion demands up to five hundred thousand dollars.
Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access. The most common vector — email and social media. While most offers are less than five hundred thousand dollars, some proposals are above one million bucks.
And as a data point update, after mentioning insurance rates yesterday, BleepingComputer reported on the Bloomington School District — their cyber insurance jumped 334%.
In the UK, the National Cyber Security Center is releasing a set of NMap scripts to help scan for unpatched or vulnerable devices. Called “Scanning Made Easy”, the approved scripts are available via a GitHub project page, and the center is taking submissions from the security community as well.
Why do we care?
I’m going to focus on the fall out from the arrests. Most everything else today feels very tactical.
If ransomware groups view the arrests as one-and-done, the pressure will ease off. If the pressure doesn’t let up, change is coming. When the risk of arrest goes up, and the reward goes down as states like Pennsylvania make it illegal to pay ransoms, hackers will change.