The Year the Tide Turned on Ransomware

Ransomware was rampant in 2021. The year saw an attack on IT software company Kaseya that took down 1,500 organizations, a CD Projekt Red breach in which threat actors stole source code for games like Cyberpunk 2077 and The Witcher 3, and several high-profile attacks on big-name tech companies like Olympus, Fujitsu, and Panasonic. Hackers also targeted critical infrastructure, including the American oil pipeline operator Colonial Pipeline, meat-processing giant JBS, and Iowa's New Cooperative, an association of farmers selling maize and soy, to name a few.

After these attacks caused lengthy shutdowns, pushed up energy prices, and threatened food shortages, the US government, following years of inaction, began to pay attention and achieved some rare victories in what had previously looked like an unwinnable struggle against the ransomware plague. The Department of Justice established the Ransomware and Digital Extortion Task Force in April. Following the “worst year” for ransomware attacks, the DOJ decided to focus on “disruption, investigation, and prosecution of ransomware and digital extortion operations.”

Two months later, the task force scored its first victory when the Department of Justice announced the arrest of Alla Witte, a 55-year-old Latvian national, for her role in “a transnational cybercrime organization” behind TrickBot, one of the most well-known and widely used banking trojans and ransomware tools.

Just days later, the DOJ stated that it had seized $2.3 million in bitcoin that Colonial Pipeline had paid to the DarkSide ransomware group to regain access to its data. Since then, the US government has offered a reward of up to $10 million for information that helps identify or locate the notorious ransomware group's leaders.

Around the same time, the Treasury Department sanctioned the Chatex cryptocurrency exchange for facilitating ransom transactions, barely weeks after taking similar action against the Suex cryptocurrency exchange.

The task force's biggest victory came in October, when it took down the notorious REvil ransomware group. Prosecutors announced the arrest of a 22-year-old Ukrainian national linked to the gang behind the July ransomware attack on Kaseya, as well as the seizure of more than $6 million in extortion proceeds tied to another member of the group.

Many praised the US government's efforts to pursue ransomware gangs this year, notably its follow-the-money strategy. Chainalysis, a blockchain transaction analysis software provider, hailed the Treasury's action against Suex as a “big win” against ransomware operators, telling TechCrunch that dismantling the mechanisms ransomware groups use to cash out their cryptocurrency would be critical to slowing them down. According to Morgan Wright, chief security adviser at SentinelOne, ransomware gangs will continue to exist and spread unless the core motive, financial gain, is removed.

“Attackers will always have the upper hand since they are not bound by the law or the laws. However, there are two techniques that might have a significant influence on the capacity of transitional ransomware gangs to fulfill their objectives: restricting the ability to utilize cryptocurrency for ransoms and machine speed responses to machine speed assaults,” Wright added. The US government has also offered rewards for information on ransomware operations, such as the $10 million reward for DarkSide information and the subsequent reward for REvil information. “With such big incentives, these criminals have a strong incentive to turn on one another,” said Jake Williams, CTO of BreachQuest. “This move weakens trust across the ransomware as a service affiliate model.”