date 2022-08-17

Ransomware numbers appear to be falling, but that news might not be as good as it sounds

For years, ransomware has been one of the chief scourges of cyberspace, robbing victims of billions, sparking panics for beef and gasoline and maybe even contributing to the death of a child.

In recent months, though, tallies of ransomware — a kind of cyberattack where hackers encrypt a victim’s system, then demand payment to unlock it — have shown signs of decline.

So what’s behind the diminished figures?

The short answer is: It might be less about whether the number of attacks has fallen off, and more about whether the people who do the counting have less information about what’s happening than before.

If it’s not an illusion, analysts can point to a host of potential factors explaining the drop. Either way, by no means do the numbers suggest ransomware is significantly less rampant.

“Ransomware is still alive and well,” Adam Meyers, senior vice president of intelligence at cybersecurity company CrowdStrike, told me.

The numbers

One of the first tallies pointing to a decline came last month from the Ransomware Task Force, made up of experts from government, industry, academia and nonprofits. It documented 64 attacks on local government, hospitals and schools in 2022 to that point, compared with 150 incidents from the same period last year.

Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods. Not all companies had identical conclusions. Ransomware incidents increased from the first quarter of 2022 to the second, Avast said last week. But even Avast had seen decreasing numbers from the end of last year and the beginning of this year.

Cybersecurity company Secureworks also hadn’t seen ransomware attacks rising in 2022 like it had in prior years based on the number of incidents it’s responding to, Mike McLellan, director of threat intelligence for the company’s counter threat unit, told me. That there was a decline in the first few months of 2022 wasn’t surprising, he said, because of seasonal patterns. But ransomware’s stagnation in May, June and July compared with the same period last year was head-scratching, he said.

Deceptive data?

The Ransomware Task Force figures might be deceptive because they draw on data from ransomware gangs’ leak sites, where they post alleged victims’ identities and data in an attempt to compel them to pay, Benjamin Freed reported for StateScoop. And ransomware gangs have relied less on those sites lately, with more directly contacting customers or others affected by the attack as a means of pressuring victims to pay the ransom.

Other developments could be distorting the numbers as well. Meyers said gangs have been using ransomware-like tactics without using the actual malicious software, stealing data and threatening to release it without necessarily locking up victim networks.

“What we’re seeing is the evolution of ransomware into data extortion,” he said. “We’ve seen some threat actors not using ransomware at all anymore, but they’re still doing this data exploitation.”

Another theory: Last year’s high-profile attacks on Colonial Pipeline, Kaseya and beef supplier JBS might have pushed ransomware gangs to focus on smaller targets to avoid exacerbating the ire of policymakers and law enforcement, and that could distort the numbers in a different way.

“I have a concept that the bad guys are no longer going after large blue chips because of the backlash that can create,” Don Smith, vice president of intelligence at the Secureworks Counter Threat Unit, told me.

“That then gives you a situation where, if you’re a medium-to-large enterprise, you may not have a relationship with a national CERT,” or government computer emergency response team, Smith said. “You may not be prepared to pay for top-tier incident response companies to help you with your problem. And therefore, from that sort of hilltop observation a lot of people may have reporting bias, which can explain this disparity.”

In other words: Lower-tier victims might not be as likely to report their attack to anyone who keeps track of them. And it might be a while before legislation is translated into law that requires major system owners to report ransomware payments within 24 hours to the feds.

Attacks might actually have dropped

Sanctions against Russia, where many of the top ransomware gangs operate, have hampered ransomware operators, National Security Agency Director of Cybersecurity Rob Joyce said in May.

Experts are divided on whether that’s the case.

Other factors might be playing a role, too. After a particularly productive period, the prolific ransomware group Conti apparently disbanded in May, following internal leaks that revealed the gang’s inner workings.

The Russia-Ukraine war also could be preoccupying ransomware gangs in that part of the world, with some of them stating their allegiance to fighting on behalf of Russia.

Whatever the truth behind the numbers, ransomware doesn’t look like it’s dying off anytime soon.

“It’s as troubling as ever,” Smith said.

As the Ransomware Task Force observed about the apparent decline and its causes: “We will have a better picture of this as the year progresses.”

The keys

TikTok calls on House official to rescind security warning about app

The letter from TikTok Vice President and Head of Public Policy Michael Beckerman calls on Chief Administrative Officer of the House Catherine Szpindor to “correct factual inaccuracies” in a recent warning she issued to lawmakers about the risks of using TikTok, the Hill’s Jared Gans reports. “We do not recommend the download or use of this application due to these security and privacy concerns,” Szpindor’s office said in the warning.

Beckerman’s letter, which was first published by Politico, calls on Szpindor’s office to “rescind” the advisory and meet with TikTok representatives.

“Szpindor’s memo came as an increasing number of lawmakers have begun using TikTok to convey messages and reach new demographics ahead of the November midterm elections,” Gans writes. “Almost every Democratic lawmaker voted for a provision in last year’s defense policy bill that prevented government employees from using TikTok on any government-issued device, but numerous caucus members have posted content on the platform.”

SEC accuses three of insider trading related to Equifax hack

Ann Dishinger, a finance manager at a Chicago public relations firm hired by credit score provider Equifax in the wake of a massive 2017 hack, told her significant other, Lawrence Palmer, nonpublic information about the hack, Reuters’s Noor Zainab Hussain reports.

“The SEC alleges that Palmer then contacted a former client who arranged for the purchase of out-of-the-money Equifax put options with the understanding that the client and Palmer would split any trading profits obtained,” Hussain writes. “The agency also alleges that Palmer tipped his brother and business partner, Jerrold Palmer, who then contacted a high school friend who arranged for the purchase of the same series of out-of-the-money Equifax put options.” Reuters couldn’t reach the Palmer brothers and Dishinger for comment.

The charges against the three Chicago residents represent the third set of insider trading charges unveiled by the SEC in the wake of the Equifax hack. The agency previously charged an executive and a manager at the company. Both pleaded guilty to criminal insider trading charges.

Top lawmakers demand information on federal agencies’ purchases of private data

House Judiciary Committee Chairman Jerrold Nadler (D-N.Y.) and House Homeland Security Committee Chairman Bennie G. Thompson (D-Miss.) requested documents and communications between seven government agencies and firms like data brokers and aggregators, Gizmodo’s Dell Cameron reports.

“While comprehensive information on the widespread use of this practice is unavailable, the evidence indicates it is pervasive and that your agencies have contracts with numerous data brokers, who provide detailed information on millions of Americans,” they write in the letter.

The House Judiciary Committee last month held a hearing on “digital dragnets” and government data access. “Little is known about the how and how often the government buys private data, and there are few, if any rules, to prevent agencies like the FBI from simply buying information which it might not otherwise have legal authority to demand,” Cameron writes. “Details of such arrangements have slowly trickled out through the press in recent years, such [as] the Department of Homeland Security’s purchase of phone location data from marketing companies in 2020, first reported by the Wall Street Journal.”

