Ransomware persists even after high-profile attacks have been slowed down | AP News


WASHINGTON (AP) – In the months since President Joe Biden warned Russia’s Vladimir Putin that he had to crack down on ransomware gangs in his country, there has not been a massive attack like the one last May that led to a shortage of petrol. But that is little consolation for Ken Trzaska.

Trzaska is president of Lewis & Clark Community College, a small school in Illinois that canceled classes for days after a ransomware attack last month that took critical computer systems offline.

“On that first day,” said Trzaska, “I thought we were all probably awake for over 20 hours, just moving through the process and trying to put our arms around what had happened.”

Although the United States is not currently experiencing large-scale, front-page ransomware attacks comparable to those earlier this year that targeted the global meat supply or stopped millions of Americans from filling their tanks, the problem has not gone away. In fact, the attack on Trzaska’s college was part of a spate of lesser-known episodes that have turned the businesses, governments, schools and hospitals they hit on their heads.

The college ordeal reflects the challenges the Biden administration is facing in countering the threat – and its uneven progress since ransomware became a pressing national security concern last spring.

US officials have recovered some ransom payments, taken action against cryptocurrency abuse, and made some arrests. Espionage agencies have launched attacks against ransomware groups, and the US has urged federal, state, and local governments and the private sector to step up protection.

But six months after Biden’s admonitions to Putin, it’s hard to say whether hackers have eased up due to US pressure. Smaller attacks continue, with ransomware criminals continuing to operate out of Russia with seeming impunity. Government representatives are contradicting one another about whether Russia’s behavior has changed since last summer. To make matters worse, ransomware is no longer at the top of the American-Russian agenda, with Washington focused on dissuading Putin from invading Ukraine.

The White House said in a statement that it was determined to use its various tools to “fight all ransomware,” but that the government’s response would depend on the severity of the attack.

“There are some that are law enforcement matters and others that are highly effective, disruptive ransomware activities that pose a direct threat to national security and require other action,” the White House statement said.

Ransomware attacks – in which hackers lock victims’ data and demand exorbitant sums to return it – emerged as a national security emergency for the government following an attack in May on the Colonial Pipeline, which supplies nearly half the fuel consumed on the east coast.

The attack caused the company to cease operations, resulting in gas shortages for days, though service resumed after it paid more than $4 million in ransom. Shortly after that came an attack on the meat processor JBS, which paid an $11 million ransom.

Biden met with Putin in Geneva in June, where he proposed that critical infrastructure sectors be “banned” from ransomware, and said the US should know in six months to a year “if we have a cybersecurity deal that is starting something to bring order.”

He repeated the message in July, days after a major attack on a software company, Kaseya, which affected hundreds of companies, and said he expected Russia to take action against cyber criminals if the US provided enough information to do so.

Since then, there have been some notable attacks by groups believed to be based in Russia, including against Sinclair Broadcast Group and the National Shooting Association, but none with the same consequences or effects as those of last spring or summer.

One reason could be increased scrutiny or fear of the US government.

The Biden administration in September sanctioned a Russia-based virtual currency exchange, which officials say was aiding ransomware gangs with money laundering. Last month the Justice Ministry unsealed charges against a suspected Ukrainian ransomware operator arrested in Poland and recovered millions of dollars in ransom payments. General Paul Nakasone, head of US Cyber Command, told the New York Times that his agency had started offensive operations against ransomware groups. The White House says the “entire government” efforts will continue.

“I think the ransomware people who run it are stepping back and saying, ‘Hey, if we do this, the US government will go after us aggressively,’” Kevin Powers, security strategy advisor at cyber risk firm CyberSaint, said about attacks on critical infrastructure.

US officials, meanwhile, have disclosed a small number of names of suspected ransomware operators to Russian officials, who have said they have started investigating, according to two people familiar with the matter who were not allowed to speak publicly.

It is unclear what Russia will do with these names, although Kremlin spokesman Dmitry Peskov insisted the countries had a useful dialogue, saying that “a working mechanism has been put in place and is actually working”.

It is also difficult to measure the impact of individual arrests on the overall threat. While one suspected ransomware hacker awaits extradition to the United States after his arrest in Poland, a British tabloid later reported that another, charged by federal prosecutors, was living comfortably in Russia and driving luxury cars.

Some are skeptical when it comes to attributing a drop in high-profile attacks to U.S. efforts.

“It could just have been a coincidence,” said Dmitri Alperovitch, former chief technology officer at cybersecurity company Crowdstrike. He said asking Russia to crack down on large-scale attacks will not work because “it’s a far too granular call to calibrate criminal activity that they don’t even fully control.”

Senior American officials have given conflicting answers about ransomware trends since Biden’s talks with Putin. Some FBI and Justice Department officials say they have found no change in Russian behavior. National Cyber Director Chris Inglis said there was a noticeable decline in attacks but it was too early to say why.

Given the lack of basic information and inconsistent reporting from victims, it is difficult to quantify the number of attacks, although the absence of disruptive incidents is a major sign for a White House trying to turn its attention to key national security risks and catastrophic breaches.

Ransomware attacks in recent months have targeted hospitals, small businesses, colleges like Howard University – which temporarily took many of its systems offline after discovering an attack in September – and Virginia’s lawmakers.

The attack on Lewis & Clark in Godfrey, Illinois was spotted two days before Thanksgiving when the school’s IT director discovered suspicious activity and proactively disconnected systems, Trzaska, the president, said.

A ransom note from hackers called for payment, although Trzaska declined to disclose the amount or identify the culprits. Although many attacks originate from hackers in Russia or Eastern Europe, some originate elsewhere.

With vital education systems affected, including email and the school’s online learning platform, administrators canceled classes for days after the Thanksgiving break and shared updates with students through social media and a public warning system.

The college, which had backups on most of its servers, resumed operations this month.

The ordeal was disheartening enough to inspire Trzaska and another college president, whom he says had a similar experience, to plan a cybersecurity panel.

“Everyone’s stock quotation,” Trzaska said, “is not whether it will happen, but when it will happen.”


Suderman reported from Richmond, Virginia. Associated Press journalist Dasha Litvinova in Moscow contributed to this report.

