“Russian hackers” have made it their priority to ensure their own security after the arrests of other cybercriminals, including from the REvil group.
Dmitry Volkov, CEO and founder of Group-IB, spoke about such a reaction of the darknet to ongoing events in an interview with Lenta.ru.
“Security and anonymity have become priorities after the precedents with the shutdown of REvil servers, the arrests of members of the group, and the detention of criminals in Russia who helped cash out the proceeds of cybercriminals. Another catalyst for this was the release of the fight against encryption programs at the state level, ”Volkov said.
At the same time, partner programs that distribute ransomware on the dark web have become more closed. Now you can take part in such a project only if you are personally acquainted with its organizer. All this, according to Group-IB analysts, is happening against the background of the consolidation of the darknet around ransomware and the groups involved in it.
“The entire criminal underground unites around cryptographers. Everyone found work: those who sell access to hacked companies, and those who attack them, and those who negotiate for a ransom or post stolen data on the dark web. New groups, reassembled from former associations, will constantly appear on this market, ”Volkov is sure.
According to Group-IB, the main list of victims at the country level, as well as industry preferences of hackers, remained unchanged. Globally, almost half of ransomware attacks are in the US (49.2 percent in 2021). Canada (5.6 percent) and France (5.2 percent) follow far behind. Most often, manufacturing enterprises are attacked (9.6 percent of attacks), real estate (9.5 percent) and the transport industry (8.2 percent).
