Written by Tim Starks
Jan 18, 2022 | CYBERSCOOP
Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos.
Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively.
When disruptive ransomware pays off, those who have studied the phenomenon say, it can embarrass victims. It can be used to steal data and leak sensitive information the public. It can lock up systems, disabling targets. And given the prominence of ransomware, it’s another method that foreign intelligence and military agencies can use to hide in the shadows, wreak havoc and make it look like the work of others.
If the tactic spreads, it could lead to even more companies and other targets fending off ransomware in the line of nation-state cyberwarfare and