One of the reasons cyber hasn’t played a bigger role in the war, according to Carhart, is that “throughout the conflict, we saw Russia being underprepared and not having a good plan to match. So it’s not really surprising that we see this in the cyber realm as well.”
In addition, Ukraine, under the leadership of Zhora and its cybersecurity agency, has been working on its cyber defenses for years, and it has received support from the international community since the war began, experts say. Finally, an interesting turn in the Internet dispute between Russia and Ukraine was the rise of the decentralized international cyber-coalition known as IT Army, which scored significant hacks, showing that war in the future can also be waged by hacktivists.
Ransomware is rife again
This year, in addition to the usual businesses, hospitals and schools, government agencies of Costa Rica, Montenegro and Albania have all also suffered damaging ransomware attacks. In Costa Rica, the government has declared a national emergency, a first after a ransomware attack. And in Albania, the government expelled Iranian diplomats from the country – a first in cybersecurity history – following a destructive cyberattack.
These types of attacks hit an all-time high in 2022, a trend that will likely continue into next year, according to Allan Liska, a researcher who focuses on ransomware at cybersecurity firm Recorded Future.
“[Ransomware is] not just a technical glitch like infostealer or other basic malware. There are geopolitical implications in the real world,” he says. In the past, for example, a North Korean ransomware called WannaCry caused serious disruption to the UK national health system and hit approximately 230,000 computers worldwide.
Fortunately, it’s not all bad news on the ransomware front. According to Liska, there are warning signs pointing to “the death of the ransomware-as-a-service model,” in which ransomware gangs rent out hacking tools. The main reason, he said, is that every time a gang gets too big, “something bad happens to them”.
For example, the REvil and DarkSide/BlackMatter ransomware groups have been hit by governments; Conti, a Russian ransomware gang, collapsed internally when a Ukrainian researcher dismayed by Conti’s public support for the war leaked its internal chats; and the LockBit team also suffered the leak of their code.
“We see a lot of affiliates deciding that maybe I don’t want to be part of a big ransomware group because they all have targets on their backs, which means I might have a target on their backs, and I just want to commit my cybercrime,” Liska says.