A message appears in crude, Google Translate English, advising that all your files have been encrypted — rendered unusable — and can be restored only if you pay a ransom.
After some back and forth, you pay out in Bitcoin or some other cryptocurrency, most likely to a Russian-based gang. There’s no choice: It’s cheaper and far quicker to pay up than to rebuild a computer system from scratch. To avoid further trouble or embarrassment, many victims don’t even notify the police.
A few years ago, the ransom may have been a few hundred bucks. In early May, Colonial Pipeline shelled out $5 million to the DarkSide ransomware gang to get oil flowing through its pipes again. (Some was recovered by the Justice Department.) In June, the meat processor JBS paid $11 million to the Russian-based REvil (Ransomware Evil) gang. About a month ago REvil came back to score what may be the biggest attack yet, freezing the systems of about a thousand companies after hacking an IT service provider they all used. The ask this time was $70 million. The criminals behind ransomware have also evolved, expanding from lone sharks to a business in which tasks are farmed out to groups of criminals specializing in hacking, collecting ransom or marshaling armies of bots. Ransomware attacks can cripple critical infrastructure like hospitals and schools and even core functions of major cities. Using methods as simple as spoof emails, hackers can take over entire computer systems and pilfer personal data and passwords and then demand a ransom to restore access.
In about a dozen years, ransomware has emerged as a major cyberproblem of our time, big enough for President Joe Biden to put it at the top of his agenda with Russia’s president, Vladimir Putin, when they met in June and for lawmakers in Congress to be working on several bills that would, among other things, require victims to report attacks to the government.
It is a war that needs to be fought, and won. While the extortion business is run by a relatively small network of criminals seeking windfall profits, their ability to seriously disrupt economies and to breach strategically critical enterprises or agencies also makes them a formidable potential threat to national security. The Colonial Pipeline attack created an almost instant shortage of fuel and spread panic in the southeastern United States.
Big strikes make the big news, but the main prey of the ransomware gangs is the small to medium enterprise or institution that is devastated by the disruption of its computers and the ransom payment. How many have been hit is anybody’s guess — unlike breaches of personal information, the law does not require most ransomware attacks to be reported (though that is another thing Congress may soon change).
The FBI Internet Crime Report for 2020 listed 2,474 attacks in the United States, with losses totaling more than $29.1 million. The reality is probably of a different magnitude. The German data-crunching firm Statista has estimated that there were 304 million attacks worldwide in 2020, a 62% increase over 2019. Most of them, Statista said, were in the professional sector — lawyers, accountants, consultants and the like.
Whatever the true scope, the problem will not be solved with patches, antivirus software or two-factor authentication, though security experts stress that every bit of protection helps. “We’re not going to defend ourselves out of this problem,” said Dmitri Alperovitch, chair of Silverado Policy Accelerator and a leading authority on ransomware. “We have too many vulnerabilities. Companies that are small, libraries, fire departments will never afford the required security technology and talent.”
The battle must be joined elsewhere, and the place to start is Russia. That, according to the experts, is where the majority of attacks originate. Three other countries — China, Iran and North Korea — are also serious players, and the obvious commonality is that all are autocracies whose security apparatuses doubtlessly know full well who the hackers are and could shut them down in a minute. So the presumption is that the criminals are protected, either through bribes — which, given their apparent profits, they can distribute lavishly — or by doing pro bono work for the government or both.
It’s clear that the ransomware gangs take care not to target the powers that shelter them. Security analysts found that REvil code was written so that the malware avoids any computer whose default language is Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian or Syriac.
Finding the criminals is not the problem. The U.S. government has the wherewithal to identify and arrest would-be cyberblackmailers on its own soil and to help allies find them on theirs. In fact, Washington has identified and indicted many Russian cybercriminals — the FBI, for example, has offered a reward of $3 million for information leading to the arrest of one Evgeniy Bogachev, aka “lucky12345,” a master hacker in southern Russia whose malware has led to financial losses of more than $100 million.
The key is to compel Putin to act against them. At his summit with him in June, Biden said he demanded that Russia take down the ransomware gangs it harbors and identified 16 critical sectors of the American economy on which attacks would provoke a response.
Yet two weeks later, REvil made the biggest strike ever, hacking into Kaseya, a firm that supplies management software for the IT industry, and attacking hundreds of its small-business customers. That led Biden to telephone Putin and to say afterward that “we expect them to act.” Asked by a reporter whether he would take down REvil’s servers if Putin did not, Biden simply said, “Yes.” Shortly after that, REvil abruptly disappeared from the dark web.
Tempting as it might be to believe that Biden persuaded the Russians to act or knocked the band’s servers out with American means, it is equally possible that REvil went dark on its own, intending, as happens so often in its shadowy world, to reappear later in other guises.
So long as the hackers focus on commercial blackmail abroad, Putin probably sees no reason to shut them down. They do not harm him or his friends, and they can be used by his spooks when necessary. Unlike the “official” hackers working for military intelligence who have drawn sanctions from Washington and Europe for meddling in elections or mucking around in government systems, Putin can deny any responsibility for what the criminal gangs do. “It’s just nonsense. It’s funny,” he said in June when asked about Russia’s role in ransomware attacks. “It’s absurd to accuse Russia of this.”
The Russians apparently also believe they can parlay their control over the ransomware gangs into negotiating leverage with the West. Sergei Ryabkov, the deputy foreign minister who leads the Russian side in the strategic stability talks launched at the Biden-Putin summit, indicated as much when he complained recently that the United States was focusing on ransomware separately from other security issues. Ransomware, he implied, was part of a bigger pile of bargaining chips.
That, said Alperovitch, suggests that Putin does not appreciate how seriously the new American president takes ransomware. For reasons still unclear, Donald Trump as president was prepared to give Putin carte blanche for any cybermischief. Biden, by contrast, sees himself as the champion of small business and the middle class, and it is there that ransomware hurts the most.
Writing in The Washington Post, Alperovitch and Matthew Rojansky, an expert on Russia who heads the Kennan Institute at the Wilson Center, argued that Biden should confront Putin with a clear message: Crack down or else. If the Russians do not, the authors wrote, the Biden administration “could hit Russia where it hurts by sanctioning its largest gas and oil companies, which are responsible for a significant portion of the Russian government’s revenue.”
Drawing red lines for Russia does not usually work. The message would best be delivered privately, so that Putin would not be challenged to publicly back down before the United States. It is possible that Biden has already delivered such a message. If so, he should be prepared to follow through.
The other critical factor in ransomware is cryptocurrency. By no coincidence, there were few ransomware attacks before Bitcoin came into being a dozen years ago. Now, cybercriminals can be paid off in a currency that’s hard to track or recover, though the U.S. government managed to do just that when it recuperated $2.3 million of the Colonial Pipeline stash.
Cryptocurrency is reportedly one of the issues addressed in legislation soon to be introduced by the Senate Homeland Security Committee. Congress is also being urged by federal law enforcement agencies to pass a law compelling companies in critical industry sectors hit by a cyberattack to inform the government, and a host of other anti-ransomware legislation is in the works.
Mounting a multifront attack against ransomware will take time and effort. Devising ways to control cryptocurrency is bound to be complex and fraught. Companies will be reluctant to damage their brand by acknowledging that they have been hacked or have paid ransom, and lawmakers have been traditionally wary of passing laws that impose burdens on businesses.
But letting Russian hackers continue to wreak havoc on America’s and the world’s digital infrastructure with impunity is an immediate and critical challenge. If this is not stopped soon, further escalation — and the growth of organized cybercrime syndicates in other dictatorships — is all but certain.
Putin must be made to understand that this is not about geopolitics or strategic relations but about a new and menacing form of organized crime. That is something every government should seek to crush. If he refuses, Putin should know that he will be regarded as an accomplice and be punished as such.