Page 150 - Cyber Defense eMagazine January 2024

Drill Down: Why Target Governments?

Ransomware groups target governments for several reasons. First, governments collect and store valuable data on their citizens and have large budgets. This makes them potentially lucrative targets for financial gain. Second, they own and run sensitive critical infrastructure. Attacking governments allows ransomware groups to disrupt critical services, with the resulting chaos potentially exerting political pressure to pay ransoms. And of course, some threat actors have political or ideological agendas, and governments represent easy and symbolic targets for local or regional vendettas.

To better understand the motives of Ransom-War threat actors, we analyzed the above-mentioned Costa Rica attack in more depth. Costa Rica is, after all, a popular tourist destination and not generally considered a country with overbearing or extended political reach. So why would Conti have chosen to launch an attack against such an unassuming country?

•  Theory 1 - The attack was simply a crime of opportunity. Attackers were looking for vulnerabilities or weaknesses and struck when they found them in the Costa Rican government’s systems.
•  Theory 2 - Owing to the sensitive timing of the attack (immediately after the transition of power following a national election), it was an attempt to destabilize the country or overthrow it altogether.
•  Theory 3 - Based on internal Conti communications, the attack may have been a smokescreen created to remind the public of the group’s prominence and lucrative attack prowess.
•  Theory 4 - Since Costa Rica publicly rejected the Russian invasion of Ukraine and Conti was aligned with Russia, the motivation was political.



Understanding the motives of ransomware groups that target governments is crucial for devising effective strategies to combat and mitigate the impact of ransomware attacks on governments.



What Can Governments and Their IT Service Providers Do?

It is common for attackers to target companies providing IT services to governments, as they may be less secure.

While having backups in place can mitigate the need to pay for a decryption key, it does not prevent ransomware attacks from occurring against government agencies or entities. To establish robust government cybersecurity, it is crucial to implement preventive measures and proactively counter threats. Some actions that companies providing services to governments can offer:

•  Limit publicity over governmental projects - this is particularly important in foreign media outlets in foreign languages.

•  Decentralize public and external digital assets so that if attackers are familiar with one IP/domain, they can’t know everything within the public domain.






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.