Ransomware attackers are evolving—and so are their motives. Here’s what you need to know about hacktivists and cyber espionage.
States and governments have enlisted hacktivists as their own national “cyber espionage” task forces, funding attackers and handing them sophisticated technology “weapons.” What will the impact of hacktivists on the warpath be? If history is any indicator, entire governments could be destabilized.
Online attackers using ransomware as their weapon of choice are at the top of the cybersecurity headlines at the moment—and with good reason. These attacks have brought major cities and hospitals to a grinding halt. But while most ransomware attackers are just out for the ransom itself, attackers known as “hacktivists” attack for reasons besides money. And they’re making a comeback.
“When you watch a film like ‘War Games’ or ‘Hackers,’ they seem childish—not as malicious as they could be,” warned Hector Monsegur, the well-known former hacker, during Pure’s webinar “Ransomware Nightmares? Defend Your Data!” “But we’re in a different era. Hacking can be weaponized.”
What to know about hacktivists, how they’re evolving, and what you can do about it
1. Your current ransomware strategy probably isn’t enough.
Business leaders typically develop emergency plans for dealing with ransomware attackers who only want ransoms paid—which usually means either paying the ransom or designing storage so that data can quickly be replaced. But cyber espionage is a new spin on ransomware in that the attackers who seize data don’t usually want money—they want your data so they can expose it publicly. As The Washington Post reported recently, hacktivists have “capped off a nine-month run of stunning breaches.” In October 2021, when hacktivists published a huge haul of data stolen from streaming site Twitch, including all of the site’s source code, the hackers said Twitch had become a “disgusting cesspool.” The hacktivists wanted publicity for their message, not ransom money.
2. State-sponsored hackers are gaining more power.
Hacktivists today are less likely to be ragtag, loosely organized small groups, and more likely to have state money and power behind their attacks. In fact, Microsoft reported that state-sponsored hackers have seen healthy success rates this year, with Russia accounting for 58% of state-sponsored hacks. Most of these attacks targeted government agencies and think tanks in the United States.
When states hire “private-sector offensive actors” (PSOAs), the hackers gain access to very sophisticated off-the-shelf tools and open-source penetration testing tools to carry out large-scale cyberattacks. In effect, the PSOAs are operating like a business, selling hacking as a service.
3. Cyber espionage and exfiltration are putting more data at risk.
Cyber espionage is a new flavor of ransomware in which hackers do more homework to identify the biggest payloads from their targets, such as classified, sensitive data or proprietary intellectual property. If there’s one thing modern ransomware hackers have figured out, it’s that not all data is created equal. In fact, some data isn’t just more valuable—it can have seismic effects when stolen.
A cyber-espionage play can also be used by an adversarial country to undermine other countries. Monsegur noted, “In the rare instance where hackers can obtain intellectual property, say from a manufacturer, they can sell that data upstream to other countries.”
4. Hacktivists have technical know-how.
The exfiltration of sensitive data (along with threats to post it online) can cause even more havoc and scandal—exposing company secrets or even military intelligence. The deliberately recruited and highly valued cybercriminals have the technical expertise to shut down anything from government infrastructures to financial systems to utility resources. They’ve influenced the outcome of political elections, created havoc at international events, and helped companies succeed or fail.
5. Hacktivists often rely on anonymous cryptocurrencies to reduce the chances of getting caught.
Hackers may feel emboldened by the belief that, because they’re able to use anonymous tools, they’ll remain underground once the ransom is paid. That’s not always the case: After the May 2021 ransomware attack on Colonial Pipeline, FBI agents were able to identify the bitcoin wallet the hackers used and recover about half of the $5 million ransom the fuel company had paid. But the hackers remained at large, as did the rest of the ransom.