The Russian-led invasion of Ukraine had an unprecedented impact of ransomware attacks, from a series of cyber-attacks against the West hours before its major invasion began [1], however, the impact on financial implications did not stop there.
On 16 July 2022, President Putin signed a bill into law, banning the use of digital assets as a method of payment for goods and services in Russia.
This decision came amid pressure from the Russian Finance Authorities regarding the use of cryptocurrency and the threat of such use destabilising the country’s financial infrastructure. There is also some speculation that the Authorities feared that a burgeoning cryptocurrency market, could eradicate the need for traditional banks, which Russia is able to regulate and control.
Current Status:
In 2021, 74% of ransomware revenue, cryptocurrency generated, was extorted by threat actor groups with some degree of connection to Russia[2].
The newly enacted law will make it more difficult for Russian threat actors to benefit from ransom demands in cryptocurrency and to launder or deal in the currency in exchange for goods and other tangible assets. This law also creates additional expenses and complications for those dealing with cryptocurrency payments in contravention of this new law. Overall, we may see a devaluation of cryptocurrency, affecting the assets that were already in the possession of the threat actors prior to this change in the law.
The new legislation will certainly impact Russian threat actors and they will need to find new methods to route, clean and exchange their ransom currencies and convert such funds either into conventional currency or other assets whilst remaining under the radar of the Russian authorities.
This raises several practical questions such as:
1. How will Russian threat actors adjust to this new reality?
2. Will they hold cryptocurrency assets in more favourable jurisdictions?
3. Are certain jurisdictions with less regulation on digital assets and transactions “safe havens” for Russian threat actors?
4. Is ransom going to become refocused on traditional currencies?
5. Finally, does ransom continue to diminish to negligible levels?
Thousands of small to medium-sized businesses have historically been victims of ransomware attacks on a consistent basis over a prolonged period of time but higher-profile organisations have also fallen victim to attacks, such as Colonial Pipeline, Apple, Accenture and CNA Hardy Underwriting.
Large-scale attacks on organisations like this ultimately lead to the escalation of insurance market ratios, meaning that coverage has changed dramatically, and some providers have ceased writing primary cover.
Many cyber insurance companies have seen loss ratios exceeding 114% [3], mainly due to the increase in ransomware activity during the Covid pandemic, combined with a significant rise in ransomware demands. This has brought to light the need for a significant correction in the insurance market, which has resulted in premium increases, the imposition of minimum-security standards, and a marked reduction in the availability of coverage.
On a positive note, many commercial companies have steadily (prompted by the insurance industry’s reaction to mounting cyber losses) enhanced their network security postures to levels not previously seen. They have done so by means of layered security, encryption of data, multiple and offsite backups, hashing and obfuscation of data, and better use of permission management. These are just some of the improvements CyberClan has seen recently, also promoting an uptick in the sales of our own managed services. Technological and security improvements will never be enough to entirely prevent ransomware attacks as there is always the human factor which is not easy to control or mitigate. Multi-factor authentication is a great tool as the first layer of security however, education of the workforce is also needed when phishing is involved in nearly 90% of attacks. [4]
Have we seen a decline in, cryptocurrency ransom claims?
While this new law will certainly have an effect on Russian threat actors and their ability to access cryptocurrency assets stolen or extorted from the victims or ransomware attacks, criminals are adaptable, and there remain multiple jurisdictions with less restrictive digital asset laws.
The ultimate effect of this law remains to be seen. Any positive impact may depend on other jurisdictions following suit and banning the use of cryptocurrency to pay for goods or services. Further impact will be dependent on other countries enacting similar laws, as we have seen in China. Whether the pre-pandemic and pandemic rate of ransomware attacks and claims returns in the future remains to be seen, but what is certain, is that this new Russian legislation will force Russian threat actor groups to move cryptocurrency assets out of Russia and onto exchanges in countries with less restrictive digital asset laws.
This is certainly welcome news for many commercial companies and the insurance market.
As much as we hope this won’t be the case, if an attack proves successful please do not hesitate to get in contact with us. Cyberclan has extensive experience in responding to ransomware attacks and is able to provide: incident response, investigation analysis, negotiations, sanction review and deep risk analysis and post remediation.
Please do not hesitate to contact us, using the form below.
[1] https://www.ncsc.gov.uk/news/russia-behind-cyber-attack-with-europe-wide-impact-hour-before-ukraine-invasion
[3] https://www.insurancejournal.com/news/national/2021/11/09/641279.htm