Friday, January 17, 2025

On the Offensive: Tracking Ransomware Gangs Across the Globe


Ransomware gangs are giving law enforcement the runaround. Not since the days of the Wild West have the police had so much trouble bringing criminals to justice. While law enforcement agencies have recently found some success—in February 2024, a joint task force took down LockBit’s main server, and on May 7th, the UK’s NCA unmasked and imposed sanctions on the group’s ringleader—these victories are typically short-lived: by May 21st, LockBit had claimed responsibility for an attack on Canadian retail chain London Drugs.

Law Enforcement vs Ransomware Gangs: A Futile War

The battle between law enforcement and cybercriminals bears striking similarities to several physical battles in living memory – most notably the Vietnam and Soviet-Afghan wars of the mid-to-late 20th century. Essentially, a better-armed, better-funded behemoth (law enforcement, the US, the Soviet Union) fights an ultimately futile battle against guerrilla fighters (ransomware gangs, the Viet Cong, the Mujahideen) who use their superior knowledge of the landscape (the internet, the Vietnamese jungle, the Afghan countryside) to defeat their enemies.

Why Traditional Methods are Failing

Traditional methods of policing, as was the case with conventional warfare in Vietnam and Afghanistan, are ineffective against cyber criminals. Ransomware gangs are like Hydras—cut off one head, and another two grow back. Moreover, many ransomware actors, including LockBit ringleader Dmitry Khoroshev, reside in Russia or are Russian citizens, making extradition practically impossible. Similarly, cybercriminals are frustratingly good at obfuscating their identities and locations.

As a result, government agencies have attempted to mitigate the ransomware problem with cybersecurity frameworks and guidelines. While undoubtedly worthwhile, taking a purely defensive approach to the war on ransomware will leave organizations one step behind attackers as they grow increasingly sophisticated, developing new techniques to bypass existing cybersecurity defenses.

The Impact of Ransomware: Beyond the Financial

The financial costs of ransomware are enormous. Research from Sophos, for example, found that the average cost of recovering from a ransomware attack in 2024 was $2.73m.

However, while the financial impacts of ransomware attacks are incredibly damaging, it is the less apparent impacts – particularly in the healthcare sector – that make ransomware such a pressing issue. With ransomware as we know it today still in its relative infancy, its actual consequences are only now coming to light. For example, researchers from the University of Minnesota recently revealed that mortality rates increased by 36-55% at hospitals experiencing the most severe ransomware attacks, even rising by a staggering 62-73% for patients of color.

Similarly, a patient at a London hospital recently told The Register that she “is now missing her right breast after her skin-sparing mastectomy and immediate breast reconstruction surgery was swapped out for a simple mastectomy at the last minute” due to a ransomware attack.

Tackling Ransomware at Source

Tackling ransomware relies on performing an impossible task – attacking the problem at its source. However, new research may help make this dream a reality.

The recently developed World Cybercrime Index (WCI), a collaborative effort between the University of Oxford and UNSW Canberra, is a groundbreaking tool in the fight against ransomware and other cybercrimes. The index ranks countries based on cybercrime threat levels, providing invaluable insights for law enforcement and cybersecurity experts.

The WCI systematically identifies and ranks countries based on the prevalence and severity of cybercrime activities within their borders. By pinpointing regions that serve as significant hubs for ransomware activities, the index allows law enforcement agencies to allocate resources more efficiently. Concentrating efforts on these hotspots can lead to more effective surveillance, investigation, and disruption of ransomware operations.

Cybercrime is a global issue that requires international collaboration. The World Cybercrime Index facilitates this by providing a common framework and data set that all countries can reference. The index encourages international cooperation and joint operations to combat ransomware by highlighting the countries with the highest threat levels. This collaborative approach is crucial in dismantling transnational cybercrime networks and bringing perpetrators to justice.

Governments and organizations can use the data from the World Cybercrime Index to develop informed policies and strategies. Understanding which countries are most at risk or are primary sources of cybercrime can help craft targeted cybersecurity measures and regulations. This proactive stance can significantly reduce vulnerabilities and enhance the overall cybersecurity posture of nations, making it harder for ransomware actors to operate.

The comprehensive data the World Cybercrime Index provides also supports academic and professional cybersecurity research. With its information, researchers can analyze trends, identify emerging threats, and develop new methodologies to counter ransomware and other cybercrimes. This continuous research and development cycle is vital for staying ahead of the fast-evolving ransomware landscape.

Looking Ahead

Of course, the WCI is not a silver bullet, and it will take some time for the research to have any real impact on ransomware. Even when it does, ransomware attackers can still hide in countries like Russia to avoid punishment and continue their activities. The World Cybercrime Index does, however, offer hope in what has thus far been a hopeless endeavor. We are nowhere near tackling the ransomware problem, but we are headed in the right direction.

Josh is a content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He’s written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
