The price of cryptographers was reduced – Newspaper Kommersant No. 215 (7416) dated 11/21/2022

Hackers who extort a ransom for decrypting and refusing to publish stolen data began to demand much less funds from their victims in the Russian Federation than before. This is due to the tightening of regulatory requirements for business response to incidents, as well as the relatively low cost of the services of incident investigators, according to market participants. But the cost of attacks is also reduced, so fraudsters may well remain profitable. At the same time, experts admit, a number of groups are still operating in Russia, whose ransoms reach 1 billion rubles. First of all, such hackers target banks, insurance companies, retailers and IT.

Cybersecurity specialists working in the Russian market told Kommersant that hackers who use encryption viruses (getting into the computer and encrypt valuable files) have recently significantly reduced the amount of monetary rewards for the data of their victims. Thus, according to RTK-Solar, the amount of redemption decreased by more than 20 times year on year. Fyodor Chunizhekov, an analyst at the Positive Technologies research group, confirms the trend, although his estimates differ. In the second quarter, the analyst explains, the median buyout amounted to about $36,000, which is 51% less than at the end of 2021. Cyber ​​insurance startup Coalition claims in a report that in the first half of 2022, attackers offered their customers to pay an average of $896,000, which is a third less than at the end of 2021.

The cost of attacks has also changed: prices for virus encryption software on the dark web have fallen 10-12 times, says Vladimir Dryukov, director of the Solar JSOC Cyber ​​Attack Center at RTK-Solar: “Recently, codes for several encryption programs have been published that became available to everyone, so even with basic training, hackers are able to create a virus on their own without spending money.”

In the spring, after the start of the conflict in Ukraine, the number of ransomware attacks on Russian companies tripled. As noted in Positive Technologies, every second attack on the financial sector in the first three quarters of the year was carried out using encryption viruses. But the actions of the hackers were rather political. Thus, groups began to publish the information received, including personal data of users, in the public domain more often. Previously, these were more often only threatened as part of ransom demands (see Kommersant of May 12).

According to Kommersant’s interlocutor in the cybersecurity market, in 2022, attackers have to reduce the amount of the ransom, because if it is higher than the cost of the services of a company that can legally investigate the incident, the attackers simply will not be paid. According to Kommersant’s interlocutor, the reduction in requirements is also due to the close attention of regulators to the topic of information security of companies and the development of punitive measures for concealing incidents. On September 1, 2022, amendments to the law “On Personal Data” came into force, according to which companies processing user data are required to notify Roskomnadzor within 24 hours in the event of a leak, and within 72 hours to provide the results of an internal investigation of the incident indicating the reason and the perpetrators.

“It is important to understand that by involving a company in an investigation, the customer receives information about how the attackers penetrated the network, what vulnerabilities they took advantage of, and can block this path,” notes Vladimir Dryukov. Otherwise, he explains, there is a high probability that “the projectile will hit the same funnel twice” and the organization that paid the ransom will be hacked again.

But, as Group-IB told Kommersant, there are still attackers with high demands in Russia. Among them, says Oleg Skulkin, head of the Group-IB computer forensics laboratory, for example, the OldGremlin hacker group, which is now targeting large enterprises – banks, logistics, industrial and insurance companies, as well as retailers and IT: “If in 2021 OldGremlin was required the victim has 250 million rubles. for restoring access to data, then in 2022 their price tag rose to 1 billion rubles.

Tatyana Isakova