As ransomware attacks across the United States and around the world reached a fever pitch in 2021, private companies and governments made their most extensive promises yet to address and deter such attacks and dismantle the cybercriminal ecosystem. A flurry of activity in recent weeks highlights progress on these efforts. But cybercrime is still at an all-time high, and researchers warn that there is no single holistic solution.
The Department of Justice announced last Tuesday the takedown of RaidForums, a marketplace for sensitive stolen data like usernames and passwords, Social Security numbers, and individuals’ financial information. They also said they had charged RaidForums’ alleged founder and chief administrator, 21-year-old Diogo Santos Coelho of Portugal, and arrested him in the United Kingdom on January 31. A day later, Microsoft said it had disrupted the ZLoader botnet, a favorite malware distribution platform for ransomware actors that include the Ryuk gang, which is known for targeting hospitals and other health care organizations. Microsoft even chose to name the alleged developer of one ZLoader component, who lives on the Crimean Peninsula, “to make clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes.” And during the first week of April, German law enforcement working with US agencies announced the takedown of Russian-language dark web market Hydra. In addition to offering a platform to sell drugs and other elicit goods, Hydra was a major cybercriminal money-laundering and cash-out hub.
Dark-web market and botnet takedowns have been going on for years, but the escalating pace and scale of these interventions is noteworthy. After the Hydra takedown, for example, researchers found that users were concerned about how to replace its services and whether they would be able to trust new sites that could simply be fronts for law enforcement.
Allan Liska, an analyst for the security firm Recorded Future, says Whac-A-Mole is still an apt analogy for what’s going on, but that doesn’t mean there hasn’t been progress.
“Forgive me, I am going to stretch the analogy a little bit,” he said. “When you first start playing Whac-A-Moleyou can’t keep up and the moles keep winning. But if you head out to Coney Island every day with a pocketful of quarters, eventually you get really good at it. For the longest time, law enforcement and Big Tech were getting a little better each time, but now it’s like they are training for the Whac-A-Mole championships. We have seen an acceleration of takedowns over the last few years.”
Liska says expanded international cooperation, more law enforcement experience with running digital operations, and better public/private communication have all contributed to the improvement.
Still, cybercrime is an ever present threat. At the end of March, the FBI’s Internet Crime Complaint Center published its annual report on cybercrime-related submissions received in 2021. The group got 847,376 complaints that totaled nearly $7 billion in losses, a 64 percent increase over 2020. And the report opened by saying that last year, “America experienced an unprecedented increase in cyber attacks and malicious cyber activity.”