In the past few days since the Russia/Ukraine conflict, there have been some changes in the cybersecurity landscape. Below are some of my personal observations from our Ransomware Recovery business unit. I am curious if other incident response professionals, ransomware negotiators, and breach counsel experts have a different outlook.

• Ransomware and other cyber-attacks appear to still be at a lower level than in 2021 and early January. The presumption is that the threat actors have been conscripted to wage cyber war in the Russia/Ukraine digital battlefield. Smaller attacks against NAS storage like QNAPs seem to be the exception, as those are at a higher volume. But larger attacks against mid and large enterprises, while still happening, are fewer in the past six weeks.

• Conti is now a sanctioned ransomware threat actor. We have learned this from some recent cases. That means OFAC, the U.S. Department of Treasury Office of Foreign Asset Control, is restricting ransomware payments by victimized U.S. companies. If these U.S. companies don’t have good backups, or some other means of recovery, it will have devastating results. I am mixed on paying ransoms. Nobody wants to pay the bad guys, but if it is a company worth $10B dollars, those that have that company’s stock in their retirement fund are screwed, along with thousands of employees, customers, and vendors up and down the supply chain.

• Conti is now sanctioned by the U.S. government as a hostile terrorist or government entity. That means for all the companies that get hit by Conti (and they are one of the biggest operators in the ransomware space), cyber insurance is not going to pay out. The insurance carriers are going to cite the clause in their contract, where they don’t have to pay out on losses due to war/nation state actors.

• It is very possible that cyber-attacks erupt in the next few days impacting North America and other western nations, but as of now, it seems restraint is being observed on both sides.

Things are changing rapidly in the cybersecurity space due to the nation state actors and the geopolitical conflict. These are just my personal observations from the past 72 hours. Again. I am curious what my peers think and see, and will keep a close eye on the trends and changing landscape.

If you have any questions or concerns, please feel free to reach out to Alvaka at (949) 428-5000. To read our recommendations on how to reduce your risk of ransomware and other cyber-attacks, click HERE.

Oli Thordardon
President/CEO of Alvaka Networks

ransomware resources
Contact Alvaka