Will Ransomware and Cyberattacks Increase Due to The Ongoing Russia Ukraine War?

Russia’s invasion of Ukraine is triggering the global fear of major cyber attacks, especially targeting the U.S. and European systems. Till now, there hasn’t been any major cyber attack outside the country’s borders, but there are very high chances of doing so. In fact, back in January, the U.S. Cybersecurity and Infrastructure Security Agency published a CISA alert pointing out the threats to American infrastructure by Russian state-sponsored cybercrime.

Russia holds strong history of deploying cyber attacks in Ukraine and other parts of the world. It is suspected to be involved in many of the major past cyber attacks, such as the attack that turned down Ukraine’s power grids in 2015 or cyber attacks in Georgia. Similarly, the Russian military is also accused internationally of the severe NotPetya malware attack back in June 2017. NotPetya attack was so intense and widespread that it targeted the Ukrainian government, energy, and financial sectors and caused billions of dollars in damages.

With Russia’s invasion of Ukraine, both the government-backed hackers and other cybercriminals allied with Moscow have become active again in deploying new and damaging cyber attacks across the countries, targeting critical infrastructure and other most commonly used productivity tools. In fact, many cybercriminals in Russia tend to follow the government objectives in order to keep law parties away from them for some time. However, such cybercriminals mostly do not follow instructions properly and often go wild. For example, the ransom ware gang Conti made a statement that it will initiate attacks on the important infrastructure of anyone who launched cyber attacks or any other war activities against Russia. The Russian government is also known to keep a blind eye against major cybercrimes that are driven from its borders unless they also target any Russian assets.

There are many human rights groups and other organizations across the world that are somehow supporting Ukraine. So, the cybercriminals can make them their prime targets and can try to damage them as much as they could. Moreover, all the cyberattacks that initially target Ukraine can end up becoming massive cyber weapons.

Digital Attacks on Ukraine Before War

Even before the Russian invasion, there were many digital attacks carried out on Ukrainian. For example, the Ukrainian government, state service, and foreign ministry websites went down even before the Russian invasion started.

Some of the recent cyber activities reported include:

• 70+ Ukrainian government websites are spoiled in cyber attacks. Websites of the education ministry, foreign ministry, agriculture, energy, and sports ministries, and similar other Ukrainian government websites are hit by cyber attacks.
• Microsoft Threat Intelligence Center (MSTIC) has detected proof of destructive malware operations that are targeting Ukrainian organizations.
• As per Forbes, right after the conflict started, the suspected cyber-attacks sourced from Russia observed an increase of over 800% in 48-hour period.
• Russia is anticipated to have hacked Viasat, a US satellite communications provider, right at the invasion day.
• Recently, the national internet provider of Ukraine, Ukrtelecom, has confirmed a cyber attack, as its connectivity collapsed to 13% of pre-war levels.

In short, there is no doubt in accepting the fact that cyberattacks are on the rise ever since the invasion begin and things are not looking to get better soon.

How to Remain Protected from Cyber Attacks in Present Threats?

The current cyber threats, the warnings around them, and the fear of devastating outcomes are all meant to create uncertainty and worry. But the right strategy is to be aggressive instead of being worried. If you set up proper cybersecurity protection measures with up-to-date intelligence, then you can minimize the impact of becoming a victim of any cyberattack. But the question is what cybersecurity measures are effective in the present scenario?

Every organization has different digital needs and connectivity approaches, so the cybersecurity measures also vary accordingly. However, some of the common cybersecurity practices that almost all organization need today are as follow:

• Patching: Patching stands as one of the most vital security measures that can drastically enhance overall security. Software or operating systems mostly release the patch of any bug or issue they detect and request their users to patch the software asap. Cybercriminals often tend to exploit such loopholes, so it is vital to patch the systems regularly and keep your software/OS updated with new security features.
• Identify and Fix IT Black Holes: Every organization has its set of black holes in IT infrastructure that act as open doors for attackers. Therefore, you should ensure robust monitoring of the environment carried out by experienced professionals so that all such black holes can be fixed on time.
• Enhance your Current Cyber Infrastructure: You should look into your current cybersecurity infrastructure and try to enhance it by following best practices of vulnerability and configuration management, protective controls and architecture, identity and access management, etc.
• Prepare your Response: Despite comprehensive cybersecurity measures, there are still chances of becoming a victim of any cyberattack. Therefore, you should also have a proper response plan in place that you can execute right away once you detect the attack. The plan should include how to restore the system and data, how to isolate the malware from the system, how to remove malware, how to minimize downtime, etc.

Wrapping Up

It is not easy to forecast what’s the future of the Russia/Ukraine conflicts. However, one thing we know is that cybercriminals have come active in deploying damaging attacks on Ukrainian organizations and then elevating those attacks across other parts of the world. The recent cyberattacks on Ukrainian government websites and other organizations is a proof that things are getting worse gradually.

The ideal approach in this situation is to first keep yourself up-to-date with all the cyber-related news. Secondly, you should enforce all the cybersecurity measures that deem important for your organization. Overall, there is no such thing as full-proof cybersecurity, but you can minimize the chances of becoming a victim of ransomware and cyberattacks to a great extent with the right cyber strategies in place.