WASHINGTON – As President Joe Biden prepares his first meeting with Russia’s Vladimir Putin in Geneva on Wednesday, the White House says the ransomware threat will be a “major topic of conversation” between the two leaders.
Until a few years ago, ransomware was viewed primarily as a financial crime, hardly an issue that would dominate the first face-to-face meeting between Russian and American leaders.
But the issue was catapulted to the forefront of geopolitics last month after cyber criminals believed to be operating in Russia broke into the networks of a major U.S. pipeline operator and meat processor and claimed and received millions in ransom.
Although US officials have not accused the Russian government of being directly involved in the recent attacks, some lawmakers say that cybercriminals based in Russia often operate with the knowledge, if not complicity, of the Kremlin. They are demanding that Biden deliver a tough message to Putin to end the practice.
In a ransomware attack, cyber criminals encrypt a company or institution’s data and then demand a ransom in exchange for a decryption key and a promise not to reveal the data. Ransomware groups often offer their services to other hackers in exchange for part of the ransom. Experts say this has helped lure a growing number of otherwise inexperienced cybercriminals into the lucrative ransomware business.
Below are the answers to three key questions about Russia’s role in ransomware attacks:
What do we know about Russian speaking ransomware groups?
Cyber security firms are tracking dozen of ransomware groups around the world. Most are believed to be operating in Russia and former Soviet republics such as Belarus, Ukraine, Kazakhstan and Latvia, according to cybersecurity firm Recorded Future.
Their exact number is unknown, although it has been increasing steadily over the past few years. Recorded Future tracks around 15 Russian-speaking ransomware groups. Check Point, a US-Israeli security company, is monitoring seven, including several who were responsible for large-scale ransomware attacks in recent years.
These include DarkSide and REvil, the two groups behind the attacks on Colonial Pipeline and JBS, a large beef producer. Check Point’s Threat Intelligence Group Manager Lotem Finkelstein said REvil was behind some of the largest ransomware attacks in the US in 2020.
“Maybe there is more, but we can only speculate,” said Finkelstein in an interview with VOA.
Babuk, another Russian-speaking ransomware family discovered earlier this year, has attacked at least five large companies, according to cybersecurity firm McAfee, with one victim having already paid the attackers $ 85,000 in ransom. The Washington, DC Metropolitan Police Department is said to have been another victim.
The Russian-speaking ransomware groups follow an unwritten rule: as long as they avoid targets in Russia and other former Soviet republics, “the local authorities will operate them in peace,” says Recorded Future.
Another rule of the game: ransomware gangs only work with Russian-speaking partners.
What is known about links between ransomware gangs and the Kremlin?
The Russian government has denied any involvement in the recent ransomware attacks on the US, and the exact links between the ransomware groups and the Kremlin remain uncertain. While US officials are accusing Russian espionage services of co-opting criminal hackers, they have been careful not to hold the Russian government directly responsible for the recent attacks on Colonial Pipeline and JBS.
Following the attack on the Colonial Pipeline, which sparked panic buying of gasoline and traffic jams along the east coast, President Biden said that so far “there is no evidence that our intelligence officers are relying on Russia to be involved, although there is evidence to suggest that it is the actors, ransomware, are located in Russia. “
During a recent congressional hearing, FBI Director Christopher Wray said he could not openly discuss the link between cyber criminals and Russian actors. Still, he noted that the “latest” ransomware attackers are “people who, perhaps not by chance, target English-speaking victims.”
However, US lawmakers go further and insist that the attacks originating from Russia could not take place without at least the tactical approval of the Russian government. Senator Mark Warner, the Democratic chairman of the Senate Intelligence Committee and co-chair of the Senate’s bipartisan cybersecurity caucus, said the cybercriminals operate “with the indirect consent of the Russian government.”
“And don’t think for a moment that the Russian espionage services, the Russian government, are not observing and learning from the techniques of these cyber criminals,” Warner said in an interview with the Washington Post Live on Monday.
The line between cyber criminals and state actors is blurred. Many cyber criminals based in Russia could work for Russian espionage services during the day and “moonlight” as cyber criminals in the evening, Warner said.
How is the US responding to the ransomware threat?
As ransomware becomes a national security threat, some lawmakers and cybersecurity experts are calling for a more aggressive US response. The Justice Department’s recently established ransomware task force has recovered most of the $ 5 million cryptocurrency paid by Colonial Pipeline. Efforts to reclaim the ransom are important, experts say, but lawmakers are warning that it won’t be enough to stop the bigger problem.
“I think we need to start thinking about going on the offensive and fighting them back,” Republican MP Michael McCaul said during a House Homeland Security hearing on the Colonial Pipeline cyberattack. “There should be consequences.”
Cyber security experts agree that a more forceful government response is needed.
“I think there is a way and a chance to disrupt the aggressive threat actors that continue to wreak havoc in the United States,” said Charles Carmakal, chief technology officer at cybersecurity firm FireEye.
In the run-up to Wednesday’s summit, Putin suggested that one approach could be a friendly agreement to extradite cybercriminals between the US and Russia. At the G-7 meeting, Biden said he was “open” to Putin’s idea and called the offer “possibly a good sign of progress”.
National Security Advisor Jake Sullivan later elaborated on Biden’s testimony, saying the president was “not saying he will trade cybercriminals with Russia,” but agrees that cybercriminals should be held accountable in both countries.
source https://collegeeducationnewsllc.com/biden-putin-brace-for-possible-fight-over-ransomware-voice-of-america/
No comments:
Post a Comment