“In early May 2022, a state of emergency was declared in Costa Rica following a ransomware attack against government systems. The hacking group linked to the attacks–Conti–is thought to work from Russian territory. In a dramatic message, the gang even encouraged Costa Ricans to overthrow the government if officials do not transfer the ransom. In Italy, a ransomware attack that security officials believe is linked to Russian actors disrupted railway ticket vending machines. In Austria, Russian hacking group Black Cat demanded $5 million to unlock encrypted servers and refrain from leaking sensitive information. What about Ukraine? Ukraine has, in recent years, not suffered large financially motivated ransomware attacks. This might have been because, Ukraine has been historically more a provider of ransomware operators (e.g. Maksim Yakubets) rather than a target. In 2020 and 2021, Ukraine suffered less than 1 percent of ransomware attacks globally. This aligns with a trend where criminal groups avoid attacking systems on territories of the former Soviet Union. ...”
Council on Foreign Relations (July 26)