Could the Russia-Ukraine war be causing a drop in cybercrime?

What’s happening to ransomware rates?

At a recent cybersecurity event in the UK, US National Security Agency (NSA) Director of Cybersecurity Rob Joyce shared an interesting bit of information:

“One interesting trend we see is, in the last month or two, ransomware is actually down. There’s probably a lot of different reasons why that is, but I think one impact is the fallout of Russia-Ukraine. As we do sanctions and it’s harder to move money and it’s harder to buy infrastructure on the web, we’re seeing them be less effective – and ransomware is a big part of that.”

If what Joyce said is true, this sheds new light on how cyberwarfare and cybercrime can both positively and negatively affect one another. It is important to note, however, that ransomware hasn’t gone away – it continues to be a serious threat. But why have rates gone down?

Why might the conflict reduce cybercrime rates?

It will take more time and information to fully understand how the conflict is affecting cybersecurity. However, a few trends have already emerged that experts know or suspect have impacted cybercrime rates:

• Russian cybercrime groups: Russia has long been known to have significant state cyber warfare capabilities. After the leak of internal records from a leading cybercrime group called Conti, many analysts suspect that the group is at least partially controlled by Russian security or intelligence agencies. It could be that some cyber criminals have now been directed to perform cyber warfare instead.
• Sanctions and infrastructure: As Joyce has already noted, the Western sanctions against Russia might have something to do with it. The sanctions mean cryptocurrency and fiat transactions may be under greater scrutiny, and it can also be harder to move around online as well. All of this makes profiting from cyber crime a bit more complicated.
• State cyberwarfare: The internet is now a warzone. Russian, Ukrainian and Western government cybersecurity agencies are scouring each others’ networks looking for vulnerabilities to exploit. At the same time, they are also probably shoring up their own vulnerabilities and performing counter-surveillance. This is a very difficult environment for independent cyber criminals to operate in.

Given the uncertainty of the situation, we should take this information with a grain of salt. Russia is suspected of harboring many cyber criminals, but it’s far from the only country to do so. Another problem is that cyber crime statistics are often self-reported. If a victim is targeted and pays the ransom without ever telling anyone, that attack won’t enter the stats.

How does this impact the average user?

If the trend Joyce observed continues, the immediate effect will probably be less ransomware incidents online, which is good news for us all! In the context of an ongoing cyber war, however, it’s uncertain just how safe we’ll remain. In addition to government targets, state actors may try to hack infrastructure, economically important corporations, and other high-impact targets that may have significant, indirect impacts on our lives.