Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

The rise in ransomware attacks this year may be related to Russia's war in Ukraine


In Ukraine, despite some predictions, Russian cyberattacks have failed to be a major factor in the war. That said, Russian cybercriminals are ramping up attacks on the rest of the world. NPR's Jenna McLaughlin is here to tell us about current trends in ransomware attacks and how cybercrime's future is closely tied to Russia's future. Hi, Jenna.

JENNA MCLAUGHLIN, BYLINE: Hey, Adrian. How's it going?

FLORIDO: It's going well, thank you. First off, remind us about the relationship between ransomware attacks and Russia.

MCLAUGHLIN: Yeah. So Russia has this really obvious reputation for having advanced cybercapabilities. They've burrowed into U.S. networks to spy. They've shut off the power grid in Ukraine years before launching a full-scale invasion. But I think maybe the more important cybercapability the Russian government has now is its close ties to cybercriminal networks, people living in Russia and in countries within Moscow's sphere of influence. So these guys break into victims' networks and encrypt their files, demanding money in exchange for unlocking them and not making them public. It's called ransomware. The U.S. government has spoken more and more openly about this relationship. They say that the intelligence shows that Russian cybercriminals are given freedom. They're given leniency in exchange for moonlighting and acting for the Russian government.

FLORIDO: So what exactly have these cybercriminals been doing for the Russian government?

MCLAUGHLIN: So we've seen the connection ebb and flow. And a lot of that has to do with the war and what Russia needs at that moment in 2022. There was actually a marked decrease in ransomware, and partially that's because the Russian cybercriminals were probably summoned by the government to help out in the war effort. But what's really interesting is that right now, the ransomware numbers are skyrocketing again in 2023. Here's Jackie Burns Koven, who studies ransomware for blockchain analysis company Chainalysis.

JACKIE BURNS KOVEN: 2023 is actually on pace to be one of, if not the worst year in terms of ransomware payments. So far this year, we're tracking at least $450 million in ransomware payments through June, really seeing an uptick in average demands.

FLORIDO: Wow, $450 million. That's a lot of money, Jenna. What do experts think is going on here?

MCLAUGHLIN: It is a lot. I heard a couple of interesting theories about that. The first is that Russia, mired in war and licking its wounds from that recent mutiny by Russian mercenaries, is giving these cybercriminals free rein to try and cause chaos around the world. Koven said it's kind of like Putin might have given a release-the-hounds command. You know, it's also a lot easier these days to launch ransomware attacks. There's a lot of stolen malware that's been leaked online. But the flip side of this narrative could be that Russia doesn't actually have as much control over these hackers as they might hope. Either way, one conclusion that I reached after talking to all these experts is that, you know, as long as Russia exists in its current state, ransomware probably isn't going anywhere.

FLORIDO: Well, it all sounds, you know, pretty dire. Is there anything that organizations can do about it?

MCLAUGHLIN: Yeah. So the good news is that the U.S. and its allies are having some success against ransomware. Government agencies have been able to get back some money that's been paid to ransomware gangs. They've gotten decryptor tools to help unlock files. They've even broken into ransomware gangs' internal systems and forced them to disperse and regroup later. Meanwhile, it seems like the safe space for cybercriminals near Russia is shrinking. There was a recent arrest of a Russian cybercriminal in Kazakhstan. So these guys really can't travel. They probably have to do what Russia tells them to do or else. And there is a lot of uncertainty about Russia's future right now. Plus, you know, organizations can always ramp up their cyber defenses to prevent an attack like that in the first place.

FLORIDO: I've been speaking with NPR cybersecurity correspondent Jenna McLaughlin. Thanks so much.


(SOUNDBITE OF ALEX VAUGHN SONG, "SO BE IT") Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Jenna McLaughlin
Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.