War on ransomware

Bighneswar Swain


Ransomware is a type of malicious software that cyber criminals use to block you from accessing your own data. The digital extortionists encrypt the files on your system, add extensions to the attacked data and hold it ‘hostage’ until the demanded ransom is paid. Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloads.

These are the different types of ransomware:
i) CryptoWall – responsible for a high percentage of ransomware attacks. Typically, CryptoWall reaches its target through phishing emails;
ii) Locky – as the name implies, it locks you out of your files and appends the extension .locky to them;
iii) Crysis – takes data attacks to a new level, actually kidnapping your data and moving it to a new virtual location;
iv) Samsam – attacks unpatched WildFly application servers in the internet-facing portion of a network. Once inside the network, the ransomware looks for other systems to attack;
v) Cerber – attacks the database server processes to gain access instead of going straight after the files;
vi) Maze – a variant of ransomware representing the trend in what is called ‘leakware.’
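The two behaviours described above, files being encrypted and a tell-tale extension such as .locky being appended, are also the signals a defender can look for. The following is an added example, not code from the article: a small Python triage script that walks a snapshot of file names and contents, flags names ending in a known ransomware extension, and flags file bodies whose byte entropy is close to the 8 bits/byte of ciphertext while skipping formats that are legitimately compressed. The snapshot contents, the extension list beyond .locky, and the thresholds are constructed assumptions for illustration.

```python
import math
from collections import Counter

# .locky is named in the article; any further entries are an organisation's
# own watch-list (assumption for this example).
KNOWN_RANSOM_EXTENSIONS = {".locky"}

# Formats that are compressed by design and therefore look like random bytes.
# Excluded from the entropy check to avoid false positives (assumption).
COMPRESSED_FORMATS = (".zip", ".gz", ".png", ".jpg", ".mp4", ".pdf")

# Encrypted output approaches 8.0 bits/byte; ordinary documents sit well below.
ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed operating point)

# Share of flagged files at which a whole snapshot is treated as an incident.
MASS_CHANGE_RATIO = 0.5  # assumed operating point


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-symbol data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_file(name: str, content: bytes) -> list:
    """Return the list of reasons a file looks ransomware-affected (empty if clean)."""
    reasons = []
    lower = name.lower()
    for ext in KNOWN_RANSOM_EXTENSIONS:
        if lower.endswith(ext):
            reasons.append(f"known ransomware extension {ext}")
    if not lower.endswith(COMPRESSED_FORMATS):
        ent = shannon_entropy(content)
        if ent >= ENTROPY_THRESHOLD:
            reasons.append(f"high entropy {ent:.2f} bits/byte")
    return reasons


def scan_snapshot(files: dict) -> dict:
    """Map each suspicious file name to its reasons. files: name -> bytes."""
    flagged = {}
    for name, content in files.items():
        reasons = triage_file(name, content)
        if reasons:
            flagged[name] = reasons
    return flagged


def snapshot_verdict(files: dict) -> str:
    """'incident' when a large share of files is flagged, else 'review' or 'clean'."""
    flagged = scan_snapshot(files)
    if not flagged:
        return "clean"
    if len(flagged) / len(files) >= MASS_CHANGE_RATIO:
        return "incident"
    return "review"


# Constructed snapshot. bytes(range(256)) * 8 is a flat byte distribution used as
# a stand-in for ciphertext; it is not real encrypted output.
SAMPLE_SNAPSHOT = {
    "notes.txt": b"Quarterly figures attached; meeting moved to Tuesday.\n",
    "report.docx.locky": bytes(range(256)) * 8,
    "budget.xlsx.locky": bytes(range(256)) * 8,
    "photo.jpg": bytes(range(256)) * 8,  # high entropy but a compressed format
}

if __name__ == "__main__":
    for name, reasons in scan_snapshot(SAMPLE_SNAPSHOT).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("verdict:", snapshot_verdict(SAMPLE_SNAPSHOT))
```

The extension check is cheap but only catches families whose suffix you already know; the entropy check catches the encryption itself regardless of family, at the cost of needing the compressed-format exclusion list. In practice both would run over a file-server change feed rather than a static dictionary, and the "incident" verdict is the point at which to isolate the host rather than keep reviewing individual files.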

Foreign cybercriminals with little fear of consequences have paralysed US schools and hospitals, leaked highly sensitive police files, triggered fuel shortages and, most recently, threatened global food supply chains.

The intensifying mayhem caused by ransomware gangs raises an obvious question: Why has the United States, believed to have the world’s greatest cyber capabilities, looked so powerless to protect its citizens from these kinds of criminals operating with near impunity out of Russia and allied countries? Until recently, it just hasn’t been a high priority for the US government.

President Joe Biden anticipates confronting Russia’s leader, Vladimir Putin, about Moscow’s concealing of ransomware criminals when the two men meet in Europe later this month. The Biden administration has also promised to boost defenses against attacks, improve efforts to prosecute those responsible and build diplomatic alliances to pressure countries that harbor ransomware gangs.

Combating ransomware requires the nonlethal equivalent of the “global war on terrorism” launched after the September 11 attacks, said John Riggi, a former FBI agent and senior adviser for cybersecurity and risk for the American Hospital Association. Its members have been hard hit by ransomware gangs during the coronavirus pandemic. “It should include a combination of diplomatic, financial, law enforcement, intelligence operations, of course, and military operations,” Riggi said.

A public-private task force including Microsoft and Amazon made similar suggestions in an 81-page report that called for intelligence agencies and the Pentagon’s US Cyber Command to work with other agencies to “prioritise ransomware disruption operations.”

“Take their infrastructure away, go after their wallets, their ability to cash out,” said Philip Reiner, a lead author of the report. He worked at the National Security Council during the Obama presidency and is now CEO at The Institute for Security and Technology.

The FBI’s list of most-wanted cyber fugitives has grown at a rapid clip and now has more than 100 entries, many of whom are not exactly hiding. Evgeniy Bogachev, indicted nearly a decade ago for what prosecutors say was a wave of cyber bank thefts, lives in a Russian resort town and “is known to enjoy boating” on the Black Sea, according to the FBI’s wanted listing.

Ransomware gangs can move around, do not need much infrastructure to operate and can shield their identities. They also operate in a decentralised network. For instance, DarkSide, the group responsible for the Colonial Pipeline attack that led to fuel shortages in the South, rents out its ransomware software to partners to carry out attacks. Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, said identifying and disrupting ransomware criminals takes time and serious effort.

The White House has been vague about whether it plans to use offensive cyber measures against ransomware gangs. Press secretary Jen Psaki said last Wednesday that “we’re not going to take options off the table,” but she did not elaborate. Her comments followed a ransomware attack by a Russian gang that caused outages at Brazil’s JBS SA, the second-largest producer of beef, pork and chicken in the United States.

Gen. Paul Nakasone, who leads US Cyber Command and the National Security Agency, said at a recent symposium that he believes the US will be “bringing the weight of our nation,” including the Defense Department, “to take down this (ransomware) infrastructure outside the United States.”

Sen. Angus King, an independent from Maine who is a legislative leader on cybersecurity issues, said the debate in the Congress over how aggressive the US needs to be against ransomware gangs, as well as state adversaries, will be “front and center of the next month or two.” “To be honest, it’s complicated because you’re talking about using government agencies, government capabilities to go after private citizens in another country,” he said.

The US is widely believed to have the best offensive cyber capabilities in the world, though details about such highly classified activities are scant. Documents leaked by former NSA contractor Edward Snowden show the US conducted 231 offensive cyber operations in 2011. More than a decade ago a virus called Stuxnet attacked control units for centrifuges in an underground site in Iran, causing the sensitive devices to spin out of control and destroy themselves. The cyberattack was attributed to America and Israel.

Biden promised that his administration was committed to bringing foreign cybercriminals to justice. Yet even as he was speaking from the White House, a different Russian-linked ransomware gang was leaking thousands of highly sensitive internal files — including deeply personal background checks — belonging to the police department in the nation’s capital. Experts believe it’s the worst ransomware attack against a US-based law enforcement agency.

The writer is Head, North America, BIPM Practice- A leading IT Company, and Trustee, Shree Jagannath Chetna & Chintana World Wide.
