Ransomware offensive gets underway
It’s taken a lot of time, but the U.S. government is finally going on the ransomware offensive at scale as its moves to better coordinate efforts to disrupt the operations of the cybercriminals gang that launch ransomware attacks.
Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly at a recent Institute for Security and Technology (IST) event announced that a joint ransomware task force as called for in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) has been officially formed.
The U.S. Federal Bureau of Investigations (FBI) will co-chair the task force. The operational leads will be Eric Goldstein, CISA’s head of cyber and Bryan Vorndran, the assistant director of the FBI’s Cyber Division.
Easterly said the focus will be on disrupting the illicit activities of cybercriminal gangs while CISA continues to focus on cybersecurity resilience. The U.S. Department of Justice (DOJ) is also more aggressively tracking illegal cryptocurrency transactions that are used to facilitate ransomware payments. The DOJ is also creating a cybersecurity operations international liaison position to improve its ability to respond as cybercriminal activity is discovered.
There’s always been a significant level of frustration with the ability of governments around the world to respond to the ransomware scourge. The simple truth is that it’s too easy to launch a ransomware attack. It’s not likely governments will be able to prevent ransomware altogether, but the volume of attacks could be reduced simply by first disrupting the IT infrastructure that cybercriminals rely on to launch these attacks and then making it a lot more difficult to collect cryptocurrency. The U.S. has already demonstrated its ability to achieve that latter goal when it seized $30 million in cryptocurrency from the NetWalker ransomware group in early 2021.
It's not clear just what impact these efforts will have but the Conti ransomware gang recently declared it is changing its strategy. Instead of operating as a centralized entity, Conti is apparently moving toward partnering with smaller ransomware gangs to better evade law enforcement. The U.S. government is offering $15 million for information that leads to the arrest of members of the Conti. National Security Agency (NSA) director of cybersecurity Rob Joyce is also claiming that ransomware attacks are down in roughly the last two months mainly because of the sanction placed on Russia. Cybercriminals operating out of Russia are struggling to find ways to cash out ransom payments and set up infrastructure, he claims. At the very least, individuals that might have thought about joining a cybergang will be thinking twice about life in cybercrime as it becomes more difficult to enjoy any ill-gotten gains.
Of course, an ounce of prevention is always worth more than any pound of cure. Research into methods that would make it a lot more difficult to launch ransomware attacks continues to advance but it’s likely to be years before there are any meaningful results. In the meantime, however, the best defense is to make sure a pristine copy of critical data is always available because it’s only a matter of time before it will be needed.