In the realm of cybercriminal activities, the pursuit of financial gain remains the primary driving force, with extortion serving as a longstanding and effective method. Ransomware, a form of extortion, has witnessed continual growth in attacks over the years, showcasing its success as a means of coercion.

The trajectory of ransomware’s evolution has been dynamic, adapting as criminals refine their approaches to enhance extortion tactics. This evolution, marked by fluctuations in volume, is responsive to market conditions. However, the pivotal aspect remains criminals’ allegiance to extortion rather than encryption.

Anticipated shifts in the landscape during 2023 are influenced by three primary factors: the geopolitical impact of the Russia/Ukraine conflict, the increasing professionalism of criminal gangs, and intensified efforts by governments and law enforcement to counter the threat.

Geopolitical Influence of the Russia/Ukraine Conflict

The ongoing conflict has brought attention to the covert cyberwar that has persisted globally, particularly along geopolitical lines. While major powers refrain from open attacks on critical infrastructures, criminal gangs exhibit less restraint.

The current slowdown in the growth of ransomware attacks is deemed temporary, with a potential surge expected post-conflict. Cybercriminals presently focus on attacking Ukraine’s critical infrastructure, and once the conflict subsides, these resources will likely redirect towards ransomware attacks.

An outcome of the European conflict could be an escalation in the destructiveness of ransomware attacks. Instances of more devastating attacks across various sectors are anticipated, contributing to an overall increase in 2023.

Professionalism of Criminal Gangs

The proficiency of criminal gangs has seen a notable upswing, particularly with the emergence of Ransomware-as-a-Service (RaaS). Elite gangs, recognizing increased profits and reduced personal exposure, develop malware and lease its usage to third-party affiliates. This success is likely to motivate less skilled gangs to adopt a similar path.

The sophistication of attackers is discussed in-depth in the Cyber Insights 2023: Criminal Gangs report. The adoption of RaaS is expected to result in a perpetual battle between law enforcement agencies and ransomware affiliates, involving both veteran and new groups.

Tactical Shifts in Ransomware Attacks

As defenders enhance their capabilities, ransomware attackers are poised to alter tactics. An example includes a shift towards targeting backups, exploiting critical vulnerabilities, and utilizing legitimate remote management tools. The evasion of security measures and prolonged dwell time within networks will be emphasized.

Economic Impact and Government Responses

The worsening economic conditions in 2023 present a twofold threat. Layoffs may result in an increased pool of cyber-competent individuals seeking alternative means of income, potentially driving a surge in ransomware attacks. Simultaneously, companies might reduce cybersecurity budgets, compromising their ability to detect or prevent breaches.

Governments play a crucial role in countering ransomware. Proposed responses include treating remaining staff as human firewalls, prioritizing well-being, learning, and development initiatives, and government intervention to curb ransom payments. However, the effectiveness of government measures remains a topic of debate.

In conclusion, tackling ransomware in 2023 requires a comprehensive approach, encompassing enhanced cyber defenses, individual and organizational preparedness, and coordinated government efforts to address the root causes of its profitability. The landscape is anticipated to witness further complexities and challenges, demanding continuous adaptation and resilience from defenders across various sectors and geographies.