In the months since President Biden warned Russia’s Vladimir Putin that he needed to take down ransomware gangs, there hasn’t been a major attack like the one last May that caused fuel shortages. But that is small comfort to Ken Trzaska.
Trzaska is president of Lewis & Clark Community College, a small Illinois school that canceled classes for days after a ransomware attack disabled critical computer systems last month.
“That first day,” Trzaska said, “I think we were all probably on our feet for more than 20 hours, just going through the process, trying to put our arms around what was going on.”
The problem hasn’t gone away, even if the United States isn’t currently enduring large-scale, front-page ransomware attacks like those earlier this year that targeted the global meat supply or prevented millions of Americans from filling gas tanks. In fact, the attack on Trzaska’s college was part of a barrage of low-profile incidents that have upended the businesses, governments, schools and hospitals that were hit.
The college’s ordeal reflects the challenges the Biden administration has faced in eliminating the threat, and the uneven progress it has made in doing so, since ransomware became a pressing national security concern last spring.
US officials have recovered some ransom payments, cracked down on cryptocurrency abuses, and made some arrests. Spy agencies have launched attacks against ransomware groups, forcing US federal, state, and local governments, as well as private industries, to step up protections.
Just six months after Biden’s advice to Putin, it’s hard to say that hackers have eased up due to US pressure. Ransomware criminals continue to attack on a smaller scale, operating from Russia with seeming impunity. Administration officials have made conflicting assessments as to whether or not Russia’s behavior has changed since last summer. Complicating matters further, ransomware is now on the US-Russia agenda while Washington is focused on deterring Putin from invading Ukraine.
The White House said in a statement that it was determined to “fight all ransomware” through its various tools, but that the government’s response was dependent on the severity of the attack.
“Some are law enforcement-related, some are high-impact, devastating ransomware activity and pose a direct national security threat that requires other measures,” the White House said in a statement.
Ransomware attacks, in which hackers lock victims’ data and demand exorbitant sums to return it, emerged as a national security emergency for the administration after a May attack on the Colonial Pipeline, which supplies nearly half of the fuel consumed on the East Coast.
The attack led the company to cease operations and caused gas shortages for days, though service resumed after the company paid a ransom of more than $4 million. Shortly after came an attack on meat processor JBS, which paid a ransom of $11 million.
When Biden met with Putin in Geneva in June, he said critical infrastructure sectors should be “off-limits” for ransomware, and that the US should know in six months to a year if we have a “cybersecurity regulation that’s starting to bring some order.”
He echoed the message in July, days after a massive attack on a software company called Kaseya that affected hundreds of businesses, saying he expected Russia to take action against cybercriminals when the US provides enough information to do so.
Since then, there have been some notable attacks from groups believed to be based in Russia, including those against the Sinclair Broadcast Group and the National Rifle Association, but none with the same results or effects as those of last spring or summer.
One reason may be increased scrutiny or fear of the US government.
In September, the Biden administration sanctioned a Russia-based virtual currency exchange that officials say is helping ransomware gangs launder money. Last month, the Justice Department announced charges against a suspected Ukrainian ransomware operator who was arrested in Poland, and reclaimed millions of dollars in ransom payments. General Paul Nakasone, head of US Cyber Command, told The New York Times that his agency has launched offensive operations against ransomware groups. The White House says “all government” efforts will continue.
“I think the ransomware folks, those who run them, are backing off like, ‘Hey, if we do this, it’s going to cause the US government to come after us,’” said Kevin Powers, security strategy consultant at the cyber risk firm CyberSaint, speaking about attacks on critical infrastructure.
US officials, meanwhile, shared the names of a small number of suspected ransomware operators with Russian officials, who said they were starting an investigation, according to two people familiar with the matter who were not authorized to speak publicly.
It is not clear what Russia will do, although Kremlin spokesman Dmitry Peskov insists the countries are engaged in a useful dialogue and said that “a functioning mechanism has been established and is actually working.”
It is also difficult to quantify the impact of individual arrests on the overall threat. The suspected ransomware hacker was arrested in Poland and awaited extradition to the United States, while another indicted by federal prosecutors was later reported by a British tabloid to be living in comfort in Russia and driving luxury cars.
Some are skeptical about tying any drop in high-profile attacks to US efforts.
“It could have been a coincidence,” said Dmitri Alperovitch, former chief technology officer at cybersecurity firm CrowdStrike. He said asking Russia to prevent large-scale attacks won’t work because “it’s a very elaborate request to calibrate criminal activity that they don’t fully control.”
Top US officials have given conflicting answers about ransomware trends since Biden’s discussions with Putin. Some FBI and Justice Department officials say they see no change in Russian behavior. National Cyber Director Chris Inglis said there has been a noticeable decrease in attacks, but it is too early to tell why.
While the number of attacks is difficult to pin down due to the lack of basic information and unequal reporting from victims, the absence of disruptive incidents is an important signal for a White House trying to focus its attention on the most important national security risks and devastating breaches.
Victims of ransomware attacks over the past few months have included hospitals, small businesses, the Virginia legislature, and colleges like Howard University, which briefly disabled its systems after discovering a September attack.
President Trzaska said the attack at Lewis & Clark in Godfrey, Illinois, was discovered two days before Thanksgiving, when the school’s IT administrator detected suspicious activity and proactively disabled the systems.
A ransom note from the hackers demanded payment, but Trzaska refused to reveal the amount or identify the culprits. Although many attacks come from hackers in Russia or Eastern Europe, some come from elsewhere.
When vital education systems, including email and the school’s online learning platform, were affected, administrators canceled classes for the days after the Thanksgiving holiday and forwarded updates to students via social media and a public alert system.
The college has resumed operations this month, with backups on the vast majority of its servers.
The ordeal was daunting enough to inspire Trzaska and another university president, who he says has endured a similar experience, to plan a cybersecurity panel.
“Equity offer from everyone,” Trzaska said. “It’s not whether it will happen, it’s when.”