One reason cyber hasn’t played a bigger role in the war, according to Carhart, is that “throughout the entire conflict, we’ve seen Russia being unprepared for things and not having a good game plan. So it’s not really surprising that we see it in the computing domain as well.”
In addition, Ukraine, under the leadership of Zhora and her cybersecurity agency, has been working on its cyber defenses for years and, according to experts, has received support from the international community since the beginning of the war. Finally, an interesting twist in the internet conflict between Russia and Ukraine has been the rise of the decentralized, international cyber coalition known as the IT Army, which has carried out some significant attacks, proving that war in the future can also be fought by hacktivists.
Ransomware is rampant again
This year, in addition to the usual companies, hospitals and schools, government agencies in Costa Rica, Montenegro and Albania have also suffered malicious ransomware attacks. In Costa Rica, the government declared a national emergency, a first following a ransomware attack. And in Albania, the government expelled Iranian diplomats from the country, a first in cybersecurity history, following a destructive cyberattack.
These types of attacks reached an all-time high in 2022, a trend likely to continue into next year, according to Allan Liska, a ransomware researcher at cybersecurity firm Recorded Future.
“[Ransomware is] not just a glitch like an information stealer or other basic malware. There are real-world geopolitical implications,” he says. In the past, for example, a North Korean ransomware called WannaCry caused major disruptions to the UK’s NHS and affected around 230,000 computers worldwide.
Fortunately, it’s not all bad news on the ransomware front. According to Liska, there are some early signs pointing to “the death of the ransomware-as-a-service model,” where ransomware gangs rent out hacking tools. The main reason, he said, is that whenever a gang gets too big, “something bad happens to them.”
For example, the REvil and DarkSide/BlackMatter ransomware groups have been targeted by governments; Conti, a Russian ransomware gang, unraveled internally when a Ukrainian researcher upset by Conti’s public support for the war leaked internal chats; and the LockBit crew also had their code leaked.
“We’re seeing a lot of affiliates decide that maybe I don’t want to be part of a big ransomware group, because they all have targets on their backs, which means I may have a target on their backs, and I just want to get my cybercrime done,” Liska says.