Ransomware — a novelty just a few years ago — is now endemic, like COVID. We'll have to learn to live with the malicious file-encrypting code, even as we struggle to limit it.
Why it matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.
- It remains the top threat on the minds of cyber defenders at this week's RSA Conference in San Francisco, the cybersecurity industry's highest-profile annual gathering.
What's happening: Rob Joyce, the NSA's director of cybersecurity, told reporters during a briefing at RSA that Russian hackers are now weaponizing ransomware in attempted attacks against Ukrainian logistics supply chain companies, as well as organizations in Western-allied countries.
- Cybersecurity firm Sophos said in a report released Tuesday that 68% of cyberattacks last year involved ransomware.
- A panel on the last day of RSA acted out what the federal response to a hypothetical, Iran-backed ransomware attack on U.S. banks in 2025 might look like.
How it works: A ransomware attack typically starts with malicious hackers installing file-encrypting malware onto an organization's networks and then displaying a ransom note on every screen.
- To unlock the networks and prevent a leak of any stolen data, ransomware gangs demand payment, often in the form of cryptocurrency.
- In recent years, ransomware has infected schools, hospitals, small businesses and more.
Between the lines: Conversations about ransomware at RSA have shifted from viewing it as an easily squashed nuisance to seeing it as a persistent threat.
- Following the ransomware attack on Colonial Pipeline in May 2021, U.S. officials were quick to make ransomware a national priority. President Biden even started engaging with Vladimir Putin to try to get him to crack down.
- Ransomware now is treated like any other crime that's not expected to be easily solved or to vanish after a couple of key arrests, experts told Axios.
Zoom out: Many ransomware operators are based in Russia, where the Kremlin tends to turn a blind eye to cyber criminals targeting Western countries.
- Ransomware gangs are well-organized, making them adept at rebranding and reshuffling in the face of law enforcement heat, John Dwyer, head of research at IBM's X-Force, told Axios.
- Organizations still struggle with basic cyber hygiene to protect themselves.
Reality check: Government sanctions, internet server takedowns and criminal arrests have slowly but steadily reduced businesses' willingness to pay ransomware gangs, Tom Hofmann, chief intelligence officer at Flashpoint, told Axios.
- The number of ransomware attacks dropped 15% between 2021 and 2022, according to recent data from Google-owned threat intelligence firm Mandiant. But that came after they skyrocketed the year before.