Even by its own grim standards, the last two years have been a remarkable time for the ransomware industry.
Innovations, meanwhile, have come thick and fast, including targeting critical infrastructure on a significant scale and encrypting files using techniques designed to speed up the whole extortion process.
Nobody can say with any certainty how many victims the criminals have extorted during this period, but we can say that despite the occasional setback, the ransomware industry has experienced a boom in the potential mayhem it can cause.
But if we could pick out a single development as important, it might be the way ransomware is now routinely being used to attack whole countries in a single campaign.
The latest victim of this trend is Bosnia and Herzegovina, which from Sept. 8 on saw a range of disruption hit government servers and websites.
To some, the fact that criminals managed to encrypt government files and hold them for ransom will sound like a routine attack. But the data involved in this attack relates to official and political affairs, some of it reportedly dating back nearly 20 years.
That’s a big resource for a government to lose control of, possibly forever.
Other recent incidents involving countries and ransomware include an attack on Montenegro in August, another that seemed to target Argentina’s capital city Buenos Aires, and large-scale repeated attacks aimed at Costa Rica from earlier in 2022.
Meanwhile, there have been many similar, smaller attacks targeting government departments across the developing world and beyond, most not widely reported.
Why Is This Happening?
It’s possible these attacks are what one might expect. Some governments don’t protect themselves any better than companies do, and ransomware attackers will always target weaknesses when they find them.
Seeing these attacks as assaults on countries or their governments might be a red herring—they’re simply ransomware attacks.
However, there is evidence that some attacks (the large recent attack on Albania, for example) are strongly connected to nation-state geopolitics.
That attack was blamed on Iran and led to Albania cutting all diplomatic ties, the first time a cyberattack has led to such a response in world affairs.
So far, ransomware attacks on countries seem to be targeted campaigns against smaller countries. Indeed, it could be argued that they’re not conventional ransomware attacks at all, and are really using this type of malware to maximize disruption.
In a way, that’s scarier, for two reasons. First, it implies that ransomware is now the de facto type of attack, outstripping all others. Malware has evolved over the last four decades to reach the point where it starts damaging the world beyond computers, including not only infrastructure but the running of governments and economies.
It also hints that, as with previous ransomware trends, this won’t remain a problem for only smaller countries. Could larger countries be severely disrupted in future attacks? That remains to be seen, but it’s become a real possibility.