Criminal Coverage for Cyber Disruption

Ransomware is a frequently discussed topic in information security circles, but the ubiquity of such operations also provides more concerning threat actors with a mechanism to launch deniable destructive events. Starting as early as 2017 with the NotPetya incident, threat actors embraced ransomware-like capabilities to deflect attention and confuse analysis in destructive cyberattacks. Since then, adversaries have become increasingly capable in developing and delivering such capabilities. Such attacks have occurred in various geographic reasons, from Europe to the Middle East to East Asia, with possible incidents in many other locations. This presentation will examine this type of attack methodology, its implications for defenders and policy-makers, and what options exist to reduce the likelihood and severity of this type of obfuscated cyberattack.