Australian Authorities Expose Ransomware Gangs and Their Hidden Careers
Recent research provides a detailed analysis of cybercriminal networks targeting Australia and allied nations through ransomware attacks.
Conducted by the Australian Institute of Criminology, the study examined 865 ransomware incidents in Australia, Canada, New Zealand, and the United Kingdom from 2020 to 2022. In 2022, there were 309 attacks executed by 42 ransomware organizations.
Key Findings
The analysis reveals that ransomware groups have brief operational lifespans, with a median career length of 1.36 years. Only three groups were active throughout the entire study period. Despite this, significant economic damage was inflicted on targeted organizations.
Conti was identified as the most active group, responsible for 141 attacks before disbanding in mid-2022. LockBit, through its various iterations, conducted 129 attacks, showcasing the group's rebranding strategies.
Ransomware attackers primarily targeted the industrial sector, which faced 239 attacks across all four countries, followed by the consumer goods and real estate sectors. Australia reported 135 confirmed ransomware incidents, with the industrial sector being the most affected.
Ransomware-as-a-Service (RaaS)
The study highlights the rise of Ransomware-as-a-Service (RaaS) operations, which separate core ransomware groups from their affiliates. Core groups develop the malware and manage payments, while affiliates execute system compromises and ransom negotiations. NetWalker, which adopted the RaaS model in 2020, was responsible for 35 attacks.
RaaS models are associated with greater longevity and higher attack volumes, transforming ransomware into organized criminal enterprises.
Impact on Cybersecurity
Professor Chad Whelan from Deakin University’s Cyber Centre emphasized the need for targeted cybersecurity strategies. The emergence of new groups like Karakurt and Black Basta in 2022 underscores the ongoing threat.
The research recommends sector-specific cybersecurity awareness programs, regular audits, and advanced threat detection systems, particularly for high-risk industries. Enhanced collaboration between government agencies and researchers is also suggested to improve data sharing and develop effective countermeasures.