The situation in Ukraine has a strong impact on the ransomware situation, what are the five key points in the ransomware market in the first quarter of 2022?

Since Russia invaded Ukraine in February 2022, hackers have participated in attacks on Ukraine and retaliation against Russia, and it is wary that the damage of malware targeting Ukraine will spread all over the world. , The situation regarding ransomware is changing rapidly. Backblaze , a cloud storage service provider, explained on its official blog five important points that are key to understanding the trends in the ransomware market in the first quarter of 2022.

Ransomware Takeaways From Q1 2022
https://www.backblaze.com/blog/ransomware-takeaways-from-q1-2022/

The first point is that 'international attention and sanctions on Russia may have curtailed ransomware activity.' As Microsoft announced in October 2021 that '58% of cyberattacks came from Russia,' the situation in Russia is likely to have a strong impact on the ransomware situation. However, while cyber attacks were thought to be an important tactic, Russia's ransomware situation was eerily quiet. This is a concern that economic sanctions on Russia have blocked the route for cybercriminals to receive money, and that the turmoil in the situation has prevented victims from receiving money from insurance companies, so criminals will not be able to receive ransom. It is thought that this is the cause.

'58% of cyber attacks came from Russia,' Microsoft announced, the rise of China is also remarkable-GIGAZINE

However, the second point is that 'long-term socio-economic impacts can create a new wave of cybercrime,' Backblaze points out. For example, cybersecurity consultant Coveware once said, 'People who have become socially and economically unstable due to sanctions may find a way out in cybercrime.' According to Coveware, just 7% of the newly unemployed workforce will turn to cybercrime, doubling the number of individuals currently active as ransomware operators.

The third point is that the ransomware group is divided into two, depending on whether it supports the Russian invasion or shows its will as the new Ukraine. A year's worth of internal chat logs from Russia-based ransomware attack group Conti was leaked by pro-Ukraine security researchers to journalists and cybersecurity researchers with the message 'Glory to Ukraine'. There are also incidents . In response, other groups have declared neutrality and condemned Russia's attacks, highlighting the close network of ransomware markets.

A ransomware attack group with 'pro-Russian policy' was attacked by a hacker near Ukraine and a year's worth of internal chat logs leaked --GIGAZINE

Fourth, the 2021 ransomware overview released by the US Institute for Cyber Security and Infrastructure Security (CISA) in March is also an important point. According to a CISA statement , standard cyber attacks were taking place on holidays and weekends, and a managed service provider (MSP) was targeted to maintain, monitor, and operate customer networks and servers. , It was said that there was a tendency of tactics such as the fact that backup data in the cloud was targeted. With accumulated knowledge of ransomware tactics, Backblaze suggests that mitigations are being established to protect businesses and organizations from ransomware.

Why are cybercriminal groups launching ransomware attacks over the weekend? --GIGAZINE

Finally, as a fifth point, Backblaze states that 'Russia may use ransomware to offset sanctions.' While the ransomware situation was calm in the first quarter, the US Financial Crimes Enforcement Network (FinCEN) said, 'Russia hacks hackers to evade sanctions, intensify attacks and win cryptocurrencies. We may hire you. '

Keeping track of ransomware trends helps prepare a security situation to protect your data, so it's important to stay on top of it, Backblaze said.