The stereotypical profile of a hacker in his parents’ basement developing and launching attacks can officially be put to rest. Geopolitically motivated attacks against states, or against those supporting a state, have taken a prime position in the arena of ransomware.
Whether the source is an individual vendetta, a hacker group looking to exploit a political situation for boasting or on a for-hire basis, or even a state-sponsored attack, the results are the same. As geopolitically motivated attacks continue an upward swing, it’s important to note that these attacks aren’t carried out until the criminals already have access to the targeted systems.
Although a geopolitical attack can originate from almost anywhere, there are five primary sources from which most Linux-based ransomware attacks originate:
The ongoing crisis in Ukraine has encouraged a surge in geopolitically motivated Linux-based attacks. It has been interesting to watch how a potential geopolitical attack can quickly turn into a typical ransomware incursion.
That said, attacks by state actors against opposing state departments are growing, even if many smaller attack groups are using political ideology to further their own financial gains.
The types and reasons for attacks since the beginning of the Ukraine crisis typically fit in one of these categories:
The intended purpose of these attacks usually dictates the severity and impact of the ransomware event.
While businesses have the option of being politically agnostic as a safety measure, this strategy doesn’t work well when it comes to state actors. Security can’t be a given even with the (arguably) more secure Linux-based systems running the show. An attack can prove to be a threat to the well-being of the general population, and may soon be seen as a bargaining chip at the negotiating table.
Nations and corporations are taking notice of how geopolitics is driving an increased number of attacks against devices. Some are taking action to get ahead of this trend, such as the cooperation between the European Union and the United States. It will take this level of cooperation between countries and businesses to put a halt to geopolitical ransomware.