BitDepth#1448

Mark Lyndersay

THE RANSOMWARE Roundhouse, a report on the state of ransomware in 2023, was launched last week with a webinar discussing the findings and their implications.

The authors, Alex Samm of Tier 10 Technology and Shiva Parasram of the Computer Forensics and Security Institute, acknowledge that their findings are incomplete, based as they are on announcements by ransomware collectives of successful exfiltrations of company data from businesses.

The report lists 32 known breaches. TT is second in a tie with the Dominican Republic with four known breaches and behind Dominica and Puerto Rico, which led with six known breaches each.

The Caricom nations confirmed to have been hit by successful ransomware breaches were Antigua and Barbuda, The Bahamas, Barbados, Belize, Dominica, Grenada, Guyana, Haiti, Jamaica and TT.

Among the affected entities are insurance companies, logistics and supply businesses, retail and medical companies and a higher education institution.

The report redacts specific details about the companies or institutions affected, but lists the ransomware collectives responsible for the 2023 attacks.

The 8Base, Lockbit3, RansomEXX, Royal and Hive ransomware groups targeted TT and only Royal is currently listed as inactive. These are all international criminal businesses, the authors warn, that do not discriminate based on company size, business sector or location.

"In 2023 we learned that no one was safe in the Caribbean region," Parasram and Samm write.

"The sector, size of the organisation, technologies implemented, impact on the global stage, geopolitical affiliations or even the GDP were of no matter. Threat actors were interested only in profits and chose their targets based on who was likely to suffer great losses (or fines where applicable), should they refuse to pay them."

The authors also expressed concern that the list of 32 regional breaches is probably inaccurate, since it does not list ransomware attacks that ended in payment of the routinely exorbitant demands.

Groups such as LockBit3 list over 1,000 victims on their official dark web leak site for 2023, indicating that ransomware groups have become far more aggressive than seen in previous years, and companies and organisations alike are in fact paying the ransoms."

That conjecture is supported by the increase in ransoms paid in 2023, usually in some form of cryptocurrency.

"According to researchers at Chainalysis.com, the amount paid in ransoms for 2023 amounted to a staggering US$1.1 billion. This figure is almost double the amount paid in 2022 which totalled US$560 million."

It's notable that the breaches reported in TT were largely found on the dark web after ransoms were not paid and stolen data was released to the public.

The local fuzziness around ransomware is only made worse by the national disinclination to be open about these incidents.

In January, Minister of National Security Fitzgerald Hinds told a workshop hosted by his ministry, Caricom IMPACS and the EU that between