Ransomware is on the rise again–blame Russia’s invasion of Ukraine
Report finds ransomware incidents bouncing back since last year.
Pool/Getty Images
· less than 3 min read
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Sometimes there’s a connection between real-life warfare and cyber warfare.
According to a new report from Arctic Wolf, released Aug. 30, ransomware incidents rose 46% in the first half of 2023. Hackers are also asking companies to pay more to regain access to crippled systems and data; the median ransom in H1 2023 cost $600,000. That’s a 43% increase from last year, the cybersecurity firm said.
Nathan Little, VP of digital forensics and incident response at Arctic Wolf, told IT Brew there are a couple of factors that could explain the recent spikes: the ease of executing ransomware attacks, as well as Russia’s invasion of Ukraine.
While cyber threats originate across the world, much of that activity is concentrated in eastern Europe, he told us. 2022 saw a dramatic decrease—more than 50%—in ransomware incidents that was “almost certainly related to the Russia and Ukraine war.”
These patterns reflect the “human element” behind cyberattacks anchored in the region, he said.
“People were without internet, without power, and some of those people were the attackers,” Little said. “I think that’s the only thing that could explain the immediate 50% drop in ransomware incidents, almost to the day of when Russia invaded Ukraine.”
Now that the region is more stabilized, normal cyberattack patterns have resumed and slightly risen, he observed.
This dynamic could also help explain the ballooning ransomware amounts, according to Arctic Wolf’s report.
“Have inflationary pressures hit e-crime groups, causing them to raise rates? Not likely, in our opinion. Instead, the fluctuation in median ransom demand is likely a confluence of factors, including ransomware groups trying to maximize bounties after a decline in activities caused by the conflict in Russia and Ukraine,” the report said.
Little also noted that as cyber defenses get stronger, cybercrime groups may try to extract the same gross income from a smaller victim pool.
“When you’re trying to make the same money with less customers, you need to charge more, and you’re gonna work harder to charge more,” he said. “You’re gonna work harder to make an attack more damaging.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.