National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.
NSA director sees downward trend in ransomware attacks due to recent sanctions
The NSA cyber security director told the National Cyber Security Centre’s (NCSC) Cyber UK event in Wales that criminal attempts on government agencies and critical infrastructure had made ransomware attacks a national security priority, and that most of the serious players in this particular segment of the criminal underworld are based in Russia. New sanctions against entities in Russia are thus having a dampening effect on ransomware attacks, as the criminals lose options for doing business with the outside world.
Joyce said that this was likely not the only factor for the reduction in ransomware attacks, but was a significant contributor. Ransom payments are more difficult to process due to lack of access to assorted banking options, and inability to purchase necessary technology to set up the infrastructure for new ransomware campaigns.
Whether or not to formally ban ransomware payments has been a hot topic across the world for several years now, ever since ransomware attacks made a major resurgence. After a lull in the mid-2010s, ransomware roared back in 2017-2018 roughly concurrent with the massive rise in value of cryptocurrencies. Even larger spikes have occurred since the beginning of the Covid-19 pandemic, as both home and work internet traffic greatly increased. While there is some case to be made for cutting these attacks off at the source by banning ransom payments, an argument supported by this recent NSA announcement, many organizations feel that they have no option but to make a payment when they are unexpectedly caught by a breach. This is particularly true for companies that cannot afford even a small amount of downtime, such as health care…