The digital scourge known as ransomware – in which hackers shut down electronic systems until a ransom is paid – is worse than ever. Over the past few months, these attacks have leaked sensitive government data, disrupted the operations of hundreds of businesses, and even temporarily shut down one of the largest U.S. oil pipelines. The latest cybergang on the street – Groove, a rogue criminal group that leaked 500,000 personal passwords – has threatened President Biden directly. (Of course, the threat is likely to be empty.)
To combat the ransomware problem, the Biden administration has so far taken a two-pronged approach: coordinating diplomacy with the countries that host cybercriminals and expanding domestic defenses. These are extremely important efforts. But to really solve the problem, authorities must also develop a strategy to go on the offensive – and fight back.
Diplomacy with Russia, even if it succeeds, will not be enough. Despite repeated requests from the Biden administration, there is no evidence that Russian President Vladimir Putin has taken any action to put pressure on ransomware criminals operating within Russia’s borders. Instead, after a brief hiatus in August, REvil, the Russian-speaking group that claimed responsibility for this summer’s attacks on multiple US businesses, has brought its servers back online.
While the strongest ransomware groups are believed to operate from Russia, other countries, including North Korea and Iran, are also major players, and cybercriminals from these countries are even more worrisome. The US has less diplomatic leverage over North Korea and Iran than it has over Russia. Both North Korea and Iran are already subject to far-reaching US sanctions, so gently demanding or even firmly insisting that they stop ransomware groups simply won’t work.
Purely defensive strategies will also fail. Cybersecurity expertise is expensive and in high demand in the United States. It is unrealistic to expect that every American hospital, school, fire department, and small business will be able to defend itself against sophisticated criminals. The task is too big.
Instead, a comprehensive anti-ransomware strategy must make it more difficult for criminal groups – and the countries that fund them – to carry out attacks. An active campaign would target the operating base of ransomware criminals: their personnel, infrastructure, and money.
The United States has the ability to successfully conduct such operations. In 2015, US military and intelligence experts formed Task Force ARES and began a cyber campaign against the Islamic State while ground forces continued to drive the insurgents out of Syria and Iraq. The digital operation targeted ISIS personnel with misinformation, disrupted their networks, and locked them out of their servers and web accounts. Within six months, the task force had significantly disrupted ISIS’s online activity and sharply reduced its communications.
The United States should build on the model used by Task Force ARES, targeting the technical and financial infrastructure of ransomware criminals. Such a campaign could reveal personal details about the perpetrators, take down the ransom payment servers they use to conduct the operation, seize their crypto wallets, and possibly even insert sophisticated bugs into their code to allow victims to unlock their data without paying a ransom.
Coupled with more aggressive law enforcement action as well as the threat of severe sanctions, this type of offensive strategy is America’s best way to stem the onslaught of attacks originating from foreign countries that are more or less immune to diplomatic protests.
The United States should also work to sabotage the ransomware financial model, which often relies on payments made through anonymous crypto wallets. Again, this is something America already knows how to do. After the ransomware attack in May on Colonial Pipeline, which shut down 5,500 miles of pipeline along the East Coast, federal officials were able to recover most of the ransom paid in cryptocurrency.
The European Commission recently proposed regulation that would impose certain identification requirements on cryptocurrency payment systems. This is especially important because cryptocurrencies allow ransomware criminals to collect payments anonymously, reducing the possibility of being tracked by law enforcement. The US intelligence community and law enforcement agencies should push for similar changes.
Critics of this aggressive approach warn that it risks causing a dangerous escalation of force between states. But from the evidence so far, states rarely retaliate against cyberattacks with much greater force. A survey of incidents and responses between 2000 and 2014 found that responses to cyberattacks are usually focused on preventing or slowing an intrusion rather than escalating the confrontation. Even if some escalation ensues, I believe it is an acceptable risk.
In the short term, the Biden administration is right to strengthen the defenses of the federal government and encourage private companies to do the same. But the US has to admit that it won’t be able to defend its way out of the ransomware problem.