August 10, 2022

Biden, Putin Brace for Possible Fight Over Ransomware | Voice of America

WASHINGTON – As President Joe Biden prepares for his first meeting with Russia’s Vladimir Putin on Wednesday in Geneva, the White House says the threat of ransomware will be a “significant topic” of conversation between the two leaders.

Until just a couple of years ago, ransomware was viewed largely as a financial crime, hardly an issue that would dominate the first face-to-face meeting between the Russian and American leaders.

But the issue was catapulted to the forefront of geopolitics last month after cybercriminals believed to be operating in Russia breached the networks of a major U.S. pipeline operator and a meat processor, demanding and receiving millions of dollars in ransom.

Although U.S. officials have not accused the Russian government of direct involvement in the latest attacks, some lawmakers say Russia-based cybercriminals often work with the knowledge, if not the complicity, of the Kremlin. They are demanding that Biden deliver a tough message to Putin to end the practice.

In a ransomware attack, cybercriminals encrypt a company’s or institution’s data and then demand a ransom in exchange for a decryption key and a promise not to release the data. Ransomware groups often offer their services to other hackers in exchange for a share of the ransom. Experts say this has helped lure a growing number of otherwise novice cybercriminals into the lucrative ransomware business.

Following are the answers to three key questions about Russia’s role in ransomware attacks:

What do we know about Russian-speaking ransomware groups?

Cybersecurity firms track several dozen ransomware groups around the world. Most are believed to operate in Russia and former Soviet republics such as Belarus, Ukraine, Kazakhstan and Latvia, according to the cybersecurity firm Recorded Future.

Their precise number is unknown, though it has steadily grown in the past couple of years. Recorded Future tracks about 15 Russian-speaking ransomware groups. Check Point, an American-Israeli security firm, monitors seven, including several responsible for major ransomware attacks in recent years.

Among them are DarkSide and REvil, the two groups behind the attacks on Colonial Pipeline and JBS, a major beef producer, respectively. REvil was behind some of the biggest ransomware attacks in the U.S. in 2020, according to Lotem Finkelstein, Check Point’s threat intelligence group manager.

“Maybe there are more, but we can only speculate,” Finkelstein said in an interview with VOA.

Babuk, another Russian-speaking ransomware family discovered early this year, has attacked at least five big entities, with one victim already paying the attackers $85,000 in ransom, according to the cybersecurity firm McAfee.  The Metropolitan Police Department of Washington, D.C., reportedly was another victim. 

The Russian-speaking ransomware groups follow an unwritten rule: As long as they avoid targets in Russia and other former Soviet republics, “they’re left to operate in peace by local authorities,” Recorded Future says.

Another rule of the game: Ransomware gangs work only with Russian-speaking partners.

What is known about ties between ransomware gangs and the Kremlin?

The Russian government has denied any involvement in the recent ransomware attacks on the U.S., and the precise ties between the ransomware groups and the Kremlin remain uncertain. While U.S. officials have accused Russian spy services of co-opting criminal hackers, they’ve been careful not to directly blame the Russian government for the recent attacks on Colonial Pipeline and JBS.

In the wake of the attack on the Colonial Pipeline, which sparked panic purchasing of gasoline and traffic congestion along the East Coast, President Biden has said that so far, there has been “no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia.”

During a recent congressional hearing, FBI Director Christopher Wray said he could not publicly discuss the nexus between cybercriminals and the Russian actors. Nevertheless, he noted that the “most recent” ransomware attackers “are individuals who, perhaps not coincidentally, specifically target English-speaking victims.”

U.S. lawmakers go further, however, insisting that the attacks emanating from Russia could not take place without at least the Russian government’s tactic approval. Senator Mark Warner, the Democratic chairman of the Senate Intelligence Committee and co-chair of the bipartisan Senate Cybersecurity Caucus, said the cybercriminals operate “with the indirect acquiescence of the Russian government.”

“And don’t think for a moment that the Russia spy services, the Russian government isn’t watching and learning from the techniques of these cybercriminals,” Warner said during an interview on Washington Post Live on Monday.

The line between cybercriminals and state actors has blurred. Many Russia-based cybercriminals may be working for Russian spy services during the day and “moonlighting” as cybercriminals in the evening, Warner said.

How is the U.S. responding to the threat of ransomware?

With ransomware emerging as a national security threat, some lawmakers and cybersecurity experts are calling for a more aggressive U.S. response. The Justice Department’s recently formed ransomware task force recovered most of the $5 million of cryptocurrency paid by Colonial Pipeline. The effort to recover the ransom is important, experts say, but lawmakers warn it’s not enough to halt the larger problem.

“I believe we need to start thinking about going on the offense and hitting them back,” Republican Representative Michael McCaul said during a House Homeland Security hearing on the Colonial Pipeline cyberattack. “There should be consequences.”

Cybersecurity experts agree that a more vigorous government response is needed.

“I certainly think that there is a way and an opportunity to disrupt the aggressive threat actors that continue to cause havoc in the United States,” said Charles Carmakal, chief technology officer at the cybersecurity firm FireEye.

Ahead of Wednesday’s summit, Putin has suggested that one approach might be a mutual agreement to extradite cybercriminals between the U.S. and Russia. Biden said at the G-7 meeting that he was “open” to Putin’s idea, calling the offer “potentially a good sign of progress.”

National security adviser Jake Sullivan later clarified Biden’s statement, saying the president is “not saying he’s going to exchange cybercriminals with Russia” but that he agrees cybercriminals should be held accountable in both countries.

 

in U.S.
Related Posts

With Afghanistan’s Future at Stake, US Courts Pakistan | Voice of America

May 25, 2021

May 25, 2021

 PENTAGON/STATE DEPARTMENT/ISLAMABAD – More than three weeks into the U.S. withdrawal from Afghanistan, Washington’s plans to help ensure the country...

Senate Passes Bill to Boost US Tech Industry, Counter Rivals | Voice of America

June 9, 2021

June 9, 2021

The Senate overwhelmingly approved a bill Tuesday that aims to boost U.S. semiconductor production and the development of artificial intelligence...

New Robot ‘Mayflower’ Ship Begins Voyage Recreating Original Route | Voice of America

June 15, 2021

June 15, 2021

A fully autonomous ship named for the Mayflower, the ship that sailed to what is now the eastern U.S. state...

Democracy Imperiled Biden Warns, as He Pays Tribute to Nation’s War Dead | Voice of America

May 31, 2021

May 31, 2021

ARLINGTON, VIRGINIA – “Democracy itself is in peril – here at home and around the world,” U.S. President Joe Biden...

New Statue of Liberty Arrives in New York From France | Voice of America

June 30, 2021

June 30, 2021

A new, smaller version of the Statue of Liberty arrived Wednesday at Ellis Island in New York Harbor, a gift...

British Court to Rule on Assange Extradition Request

October 27, 2021

October 27, 2021

British Court to Rule on Assange Extradition Request

Meat Producer JBS Back Online After Cyberattack | Voice of America

June 2, 2021

June 2, 2021

Meatpacking giant JBS says it has made “significant progress” in resolving a cyberattack that affected its operations in North America...

JBS Settles Muslim Discrimination Lawsuit for $5.5 Million | Voice of America

June 9, 2021

June 9, 2021

DENVER, COLORADO – The second-largest producer of beef, pork and chicken in the U.S. will pay up to $5.5 million...

Questions Linger About Jan. 6 Capitol Riot | Voice of America

June 4, 2021

June 4, 2021

WASHINGTON – On the last Friday in May, a vote to establish a bipartisan commission to investigate the Jan. 6...

More Than 100 Deaths May Be Tied to Heat Wave in NW North America | Voice of America

July 1, 2021

July 1, 2021

More than 100 deaths in the Pacific Northwest of North America may have been caused by hyperthermia, authorities in the...

Microsoft Exec Says Targeting of Americans’ Records ‘Routine’ | Voice of America

June 30, 2021

June 30, 2021

WASHINGTON – Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to...

Biden Orders Fresh Intelligence Report on COVID-19 Origin | Voice of America

May 26, 2021

May 26, 2021

WASHINGTON – Amid growing speculation that COVID-19 might have leaked from a Chinese laboratory, U.S. President Joe Biden on Wednesday...

US Attorney General Warns Ransomware ‘Getting Worse and Worse’ | Voice of America

June 10, 2021

June 10, 2021

U.S. Attorney General Merrick Garland warned Wednesday that ransom-motivated cyberattacks are “getting worse and worse,” echoing other top Biden administration...

As Taliban Dramatically Expands Territorial Gains, US Suggests Slower Afghan Pullout | Voice of America

June 22, 2021

June 22, 2021

ISLAMABAD – Fierce fighting continues to rage across Afghanistan, where officials reported Tuesday security forces had reversed some of the...

Key Democratic Senator Voices Opposition to Voting Law Reforms | Voice of America

June 7, 2021

June 7, 2021

WASHINGTON – A key U.S. centrist Democratic lawmaker, West Virginia Senator Joe Manchin, adamantly voiced his opposition Sunday to sweeping...