Home Posts The United States' Response To Ransomware Attacks Is Hampered By Obstacles.
The United States' Response To Ransomware Attacks Is Hampered By Obstacles.

The United States' Response To Ransomware Attacks Is Hampered By Obstacles.

RICHMOND, Va. (AP) — Foreign keyboard criminals with little fear of repercussions have paralyzed American schools and hospitals, leaked highly sensitive police files, caused fuel shortages, and, most recently, threatened global food supply chains.

The escalating devastation caused by ransomware gangs begs the obvious question: Why has the United States, widely regarded as possessing the world's most advanced cyber capabilities, appeared so powerless to protect its citizens from these types of criminals operating with near impunity from Russia and allied countries?

The answer is that going after ransomware gangs presents numerous technological, legal, and diplomatic challenges, and it hasn't been a high priority for the US government until recently.

That has changed as the problem has grown far beyond an economic annoyance. President Joe Biden intends to confront Russia's leader, Vladimir Putin, about Moscow's harboring of ransomware criminals when the two men meet in Europe later this month. The Biden administration has also promised to strengthen defenses against attacks, improve efforts to prosecute those responsible, and strengthen diplomatic alliances.

There is growing pressure on the administration to direct U.S. intelligence agencies and the military to target ransomware gangs' technical infrastructure, which is used for hacking, posting sensitive victim data on the dark web, and storing digital currency payouts.

Fighting ransomware requires a nonlethal equivalent of the “global war on terrorism” launched after the Sept. 11 attacks, according to John Riggi, a former FBI agent and senior adviser for cybersecurity and risk for the America Hospital Association, whose members have been heavily targeted by ransomware gangs during the coronavirus pandemic.

“It should include a mix of diplomatic, financial, law enforcement, intelligence, and military operations,” Riggi said.

In an 81-page report, a public-private task force led by Microsoft and Amazon recommended that intelligence agencies and the Pentagon's US Cyber Command collaborate with other agencies to "prioritize ransomware disruption operations."

“Take away their infrastructure, go after their wallets, go after their ability to cash out,” said Philip Reiner, a lead author of the report who worked at the National Security Council during Obama’s presidency and is now CEO of The Institute for Security and Technology.

The FBI’s list of most-wanted cyber fugitives has grown at a rapid pace and now has more than 100 entries, many of whom are not exactly hiding. Evgeniy Bogachev, indicted nearly a decade ago for what prosecutors say was a wave of cyber bank thefts, lives in a Russian resort town and “is known to enj

Ransomware gangs can move around, do not require much infrastructure to operate, and can conceal their identities; they also operate in a decentralized network; for example, DarkSide, the group responsible for the Colonial Pipeline attack, which caused fuel shortages in the South, rents out its ransomware software to partners to carry out attacks.

Identifying and disrupting ransomware criminals, according to Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, takes time and effort.

“A lot of people have the misconception that the government can just go out and press a button and say, well, nuke that computer,” she said, adding that “trying to attribute to a person in cyberspace is not an easy task, even for intelligence communities.”

Reiner compared America's ability to degrade al-Qaida while failing to capture its leader, Ayman al-Zawahiri, who took over after U.S. troops killed Osama bin Laden, to that of defeating ransomware.

“We can fairly easily argue that al-Qaida no longer poses a threat to the homeland,” Reiner said. “Instead of capturing al-Zawahiri, you destroy his ability to operate, and that’s what you can do with these (ransomware) guys.”

The White House has been vague about whether it intends to use offensive cyber measures against ransomware gangs. Press secretary Jen Psaki said Wednesday that “we’re not going to take options off the table,” but she did not elaborate. Her comments came in the wake of a ransomware attack by a Russian gang that caused outages at Brazil’s JBS SA, the world’s second-largest producer of beef, pork, and chicken.

At a recent symposium, Gen. Paul Nakasone, commander of US Cyber Command and the National Security Agency, stated that the US will “bring the weight of our nation,” including the Defense Department, “to take down this (ransomware) infrastructure outside the United States.”

Sen. Angus King, an independent from Maine who is a legislative leader on cybersecurity issues, said the debate in Congress about how aggressive the United States should be against ransomware gangs and state adversaries will be “front and center of the next month or two.”

“To be honest, it’s complicated because you’re talking about using government agencies and capabilities to go after private citizens in another country,” he said.

The United States is widely regarded as having the best offensive cyber capabilities in the world, despite the fact that details about such highly classified activities are scarce. According to documents leaked by former NSA contractor Edward Snowden, the United States conducted 231 offensive cyber operations in 2011.

The United States has already authorized cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code, as part of a policy known as “persistent engagement.” The United States Cyber Command has also launched offensive operations related to election security, including against Russian misinformation officials during the 2018 midterm elections.

Following the Colonial Pipeline attack, Biden promised that his administration was committed to prosecuting foreign cybercriminals. However, even as he spoke from the White House, a different Russian-linked ransomware gang was leaking thousands of highly sensitive internal files — including deeply personal background checks — belonging to the nation's capital's police department.

In a subsequent post, the hackers stated, “We are not afraid of anyone.”

Leave a Reply

Your email address will not be published, Required fields are marked with *.