Ransomware Decreases as a Result of Sanctions on Russia

US sanctions against Russia, according to NSA director of cybersecurity Rob Joyce, are making it more difficult for Russian-based criminals to begin campaigns.
SIA Team
May 10, 2022

The incidence of ransomware attacks has fallen in recent months, according to Rob Joyce, director of cybersecurity at the National Security Agency (NSA), as sanctions on Russia make it more difficult for hackers to plan operations and collect ransom payments.

Joyce said they have noticed that ransomware has been on the decline in the last month or two. There are several reasons for this, he said, but one of them is the fallout from the Russia-Ukraine situation.

Many of the most well-known ransomware gangs are said to be based in Russia, and Joyce claims that sanctions imposed on the country as a result of the invasion of Ukraine are making life difficult for cybercriminals there, resulting in a decrease in attacks, at least for the time being.

“As we implement sanctions and it becomes more difficult to move money and acquire infrastructure on the internet, we’re seeing them become less effective – and ransomware is a huge part of that,” he continued.

However, fewer ransomware attacks doesn’t mean the problem has gone away, as evidenced by the number of businesses that continue to be hit by ransomware.

Many victims of ransomware attacks still feel compelled to pay a ransom to cybercriminals for the decryption key required to retrieve their encrypted files, despite warnings from cybersecurity agencies and authorities that doing so encourages more ransomware attacks.

Organizations can take steps to improve their cybersecurity and strengthen their defenses against ransomware and other cyberattacks.

The NCSC suggests steps such as deploying security patches and updates regularly to prevent cybercriminals from exploiting known vulnerabilities, and implementing multi-factor authentication for all users to provide an additional barrier against intrusions.

It’s also recommended that businesses know who and what is on their networks so that suspicious activity can be identified immediately, that businesses frequently back up their data, and that organizations have an incident response policy in place in case the worst happens.