Global war on ransomware? Obstacles hamper the US response.

Foreign criminals with keyboards, unafraid of the consequences, have crippled US schools and hospitals, leaked highly sensitive police files, caused fuel shortages and, most recently, threatened global food supply chains.

The escalating havoc caused by ransomware gangs raises an obvious question: Why does the United States, believed to have the greatest cyber capabilities in the world, seem so powerless to protect its citizens from these types of criminals, who operate with near impunity out of Russia and allied countries?

The answer is that there are numerous technological, legal, and diplomatic barriers to prosecuting ransomware gangs. And until recently, it just wasn’t a high priority for the US government.

That has changed as the problem has grown beyond a financial nuisance. President Joe Biden plans to confront Russia’s leader, Vladimir Putin, about Moscow’s role as a hideaway for ransomware gangs when the two men meet in Europe later this month. The Biden administration has also vowed to step up defensive measures against attacks, step up efforts to prosecute those responsible, and forge diplomatic alliances to put pressure on countries hosting ransomware gangs.

There are also calls for the government to order US intelligence agencies and the military to attack the technical infrastructure that ransomware gangs use to hack, publish sensitive victim data on the dark web and store payments in digital currency.

Fighting ransomware requires the non-lethal equivalent of the “global war on terror” that began after the 9/11 attacks, said John Riggi, a former FBI agent and senior cybersecurity and risk advisor with the American Hospital Association. Its members were hit hard by ransomware gangs during the coronavirus pandemic.

“It should of course include a combination of diplomatic, financial, police, intelligence and military operations,” Riggi said.

A public-private task force that included Microsoft and Amazon made similar proposals in an 81-page report calling on the Pentagon’s intelligence services and cyber command to work with other agencies to “prioritize ransomware interruption operations.”

“Take away your infrastructure, find your wallets, your opportunities to collect,” said Philip Reiner, lead author of the report. He was a member of the National Security Council during Obama’s presidency and is now executive director of the Institute for Security and Technology.

But the difficulties of taking down ransomware gangs and other cyber criminals have long been clear. The FBI’s list of most wanted cyber fugitives has grown rapidly and now includes more than 100 entries, many of whom are not exactly in hiding. Evgeniy Bogachev, who was charged with a wave of cyber bank robberies nearly a decade ago, lives in a Russian resort and “is known to enjoy boating on the Black Sea,” according to the FBI’s wanted listing.

Ransomware gangs can move around, don’t need a lot of infrastructure to operate, and can protect their identity. They also operate in a decentralized network. For example, DarkSide, the group responsible for the Colonial Pipeline attack that caused fuel shortages in the South, leases its ransomware software to partners to carry out attacks.

Katie Nickels, chief intelligence officer at cybersecurity firm Red Canary, said identifying and disrupting ransomware criminals takes time and effort.

“A lot of people misunderstand that the government can’t just go out and push a button and say, well, bomb this computer,” she said. “Trying to pin a person in cyberspace is no easy task, even for intelligence agencies.”

Reiner said these limits do not mean the United States cannot still make progress toward defeating ransomware, comparing it to the United States’ ability to degrade the al-Qaeda terrorist group without capturing its leader, Ayman al-Zawahiri, who took over after American forces killed Osama bin Laden.

“We can quite simply argue that al-Qaeda is no longer a threat to the homeland,” said Reiner. “If you don’t get al-Zawahiri, you are destroying his ability to actually operate. You can do that with these guys (ransomware).”

The White House has been vague about whether it intends to offens.
