$1.2 billion, that’s the approximate amount US banks and financial institutions have flagged as likely ransomware payments in 2021, says the annual Financial Trend Analysis report by the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN). The ransomware menace is not limited to the US, confirms the Interpol Global Crime Trend Report 2022 (IGCTR).
According to the US federal financial crimes watchdog, the record-breaking amount – payments bank clients have made to possible cybercriminals – is almost triple that of the previous year. The U.S. banks have to report suspicious transactions to federal authorities under the Bank Secrecy Act.
Explaining the growth of internet crime in different parts of the world, the Interpol report categorizes them into five core areas: organized crime, illicit trafficking, financial crime/corruption, cybercrime, and terrorism. Over half the ransomware attacks recorded in the US are attributed to suspected Russian cyber hackers, says FinCEN data
The global crime index has increased several folds over the years. It is estimated that over 2.7 million cyber-related frauds occurred in the 12 months to March 2022, says the UK National Cyber Security Centre’s Annual Review 2022. Among these crimes, ransomware-based operations are fabled in different parts of the world.
According to the IGCTR findings, ransomware attacks have intensified, particularly in the wake of crypto proliferations, and continue to pose a severe threat to the security and well-being of both public and private actors, ranging from governmental organizations and large corporations to ordinary citizens.
Ransomware gangs and support systems
The Interpol report discovered a movement of collaboration and mutual support systems among the five core areas of cybercrime. Since many of these crimes are committed online, the threat actors alter the techniques from time to time and use each other’s support and resources.
From using ransomware to encrypt files to releasing a chunk of those files as a warning, threat actors employ the latest technologies and techniques in IT. We’ve already seen several remote access applications, initially launched to help administrators and IT personnel help employees and customers in product-based and service-based companies, being modded into a sellable item in the underground malware markets.
In some cases, it is seen that two or more ransomware gangs are working together to either launch cyber espionage or fight against an established corporation. It is important to understand that continuous and coordinated efforts are needed to analyze how criminal convergences, digitalization, and new technologies empower threat actors and enable crime and terrorism. These efforts must be a key component of crime prevention and disruption plans.
Cybercrimes and the ransomware movement
In the modern threat ecosystem, almost every threat actor uses some ransomware to pressure its victims to pay a ransom amount. In extreme cases, some businesses are persuaded to shell out millions of dollars in exchange for decrypting the data. Surveys show that business losses can average up to $2,500 for each incident. Standard ransomware is designed to encrypt a victim’s files on the systems and causes irreversible data loss. Studies show that most cybercriminals use ransomware to demand money from their victims.
Most countries label these attacks as “high” and “critical” offenses and have established stringent laws to tackle the crime rate. These attacks can range greatly but are usually referred to as ransomware, phishing, online fraud, and computer intrusion (i.e., hacking). Among the list of cybercrime, authorities and governments all over the world put online child sexual exploitation and abuse (OCSEA) in a special section. These crimes are regarded as the highest sanction for criminals involved in these crimes. Researchers claim that 62% of member countries firmly predicted that this crime would “grow” or “substantially increase” in the future.
While many ransom payments in the global south went largely unreported, the US figures show a definite trend. “Russia-related ransomware variants accounted for 69% of ransomware incident value, 75% of ransomware-related incidents, and 58% of unique ransomware variants reported for incidents in the review period. All of the top five highest-grossing ransomware variants in this period are connected to Russian cyber actors,” said the FinCEN report.
Global threat risks and vulnerabilities
World governments have seen a dramatic increase in cyber security threats during the past few years. The ransomware gang poses a risk for businesses and public institutions, making it a present and severe problem for cybersecurity professionals. According to sources, in the UK alone, eighteen ransomware instances necessitated a nationally coordinated response this year, including assaults on South Staffordshire Water and a supplier to NHS 111.
Hacking social media accounts topped the reputation-harming campaign, while phishing continued as the biggest threat to individuals and small businesses. According to official statistics, in the 12 months ending in March 2022, there were 2.7 million cyber-related frauds.
Internationally, Russia’s invasion of Ukraine brought the cyber security threat into sharper focus in the UK. During the invasion, Russia sought to use disruptive cyber operations to support its military campaign. However, like on the battlefield, Ukrainian authorities – assisted by the NCSC – created strong cyber defenses, limiting the impact of Russian operations. Ukraine’s successful defensive operations were an example of network defenders worldwide.
Chinese state-sponsored cyber operations continued to advance while not being as well-known as Russian cyber operations, shows the UK NCSC report.
“China’s activity has become ever more sophisticated, with the state increasingly targeting third-party technology and service supply chains, as well as exploiting software vulnerabilities. This approach shows no sign of abating, with China’s technical evolution likely to be the single biggest factor affecting the UK’s cyber security in the future,” said the report.
The proliferation and commercial availability of cyber capabilities increased this year and are expected to increase the threat to the UK. Changing state threats were just some of the cyber security problems this year. A broader spectrum of state and non-state actors are anticipated to have access to additional destructive and disruptive cyber capabilities, which will be used more frequently and with less predictability.