The U.S. has spent recent years strengthening its efforts to combat ransomware, yet that specific type of cyber attack remains a problem, with new strains that are harder to attribute and incident reporting gaps that leave questions. Even so, at the same time, there may be new reasons for optimism.
Ransomware has spiked in public awareness of late, with high-profile incidents such as the 2021 Colonial Pipeline panic, and it continues to cause new problems for local government, in places ranging from Dallas to Spartanburg County, S.C. As a result, federal efforts to fight these attacks are ongoing, and they have frequently aligned with the recommendations of the Ransomware Task Force (RTF), a public-private collaboration whose members have previously included the now-acting National Cyber Director Kemba Walden.
RTF released a 2021 report detailing the global ransomware landscape with proposals for how nations could work to disrupt it in long-lasting ways, and the U.S. has made at least some progress on most of the recommendations in that report, speakers said during a recent event hosted by the Institute for Security and Technology (IST), which coordinates the RTF. Among the wins: international partnerships have disrupted some perpetrators, and the U.S. has started pre-emptively warning organizations when they have vulnerabilities that are susceptible to ransomware actors.
Federal security and cybersecurity officials said they want to compel cryptocurrency entities and cloud services providers to keep cyber criminals off their services. Anne Neuberger, U.S. deputy national security adviser, said the U.S. is also mulling a ban on ransomware payments, with exemptions granted to some essential organizations.
But its unclear if any of this marks a lasting shift away from ransomware. The drop in such attacks against the U.S. may have been driven by world events, with Russias war against Ukraine diverting the attention of cyber crime groups in the region, the RTF said.
Officials are cautious about describing the landscape, but some tentatively suggest hope.
The rate of ransomware attacks seems to be somewhat stabilizing, and, I think a level, plateau, steady state is where we've been, said David Ring, head of the FBI Cyber Divisions private-sector engagement and cyber criminal intelligence missions.
However, Allan Liska, intelligence analyst at the threat intelligence platform provider Recorded Future, said the situation remains murky.
We think ransomware attacks have seen a resurgence in 2023, after dipping a little bit in 2022," Liska said, "... but the answer is that we dont know, because theres not enough incident reporting to get a clear picture.
Regardless of the number of attacks, those that do successfully hit can be punishing. Ransomware continues to strike U.S. hospitals, schools and local governments.
Fully understanding the ransomware landscape is challenging, because reporting requirements are often nonexistent or fragmented, making it hard to get a complete view, Liska said. Even the FBI believes it only received victim reports on about 20 percent of Hive ransomware attacks, Ring said.
Michael Phillips RTF co-chair and chief claims officer at cyber insurance provider Resilience said organizations fear being stigmatized if they admit to suffering a ransomware attack, and they also want a standardized way to report. That latter step would make it easier for victims to inform authorities promptly, while theyre still in crisis mode dealing with the effects of an attack.
Mandatory reporting requirements are forthcoming for some sectors under the Cyber Incident Reporting For Critical Infrastructure Act (CIRCIA), which passed in 2022. But the Cybersecurity and Infrastructure Security Agency (CISA) is still paving the way for its implementation, and CISA Chief Strategy Officer Valerie Cofield said we won't see the fruits of that legislation for a couple of years.
Screenshot
Prior years have seen ransomware-as-a-service (RaaS) models proliferate, in which developers create the malware while other cyber criminals called affiliates deploy it and share some of the extortion profits.
We're now seeing a lot of threat actors move away from there, Liska said.
Ransomware code is increasingly leaked and stolen, leading to some new variants that include other ransomware groups code. Liska calls these variants Franken-ransomware and said the code recycling makes it difficult to determine whos actually behind attacks.
That kind of fracturing of the ransomware market has made it harder for us to track and identify what the growing strains are [or] even [identify] who hit us? Liska said. I get this question all the time now Hey, we got hit by this, do you know what it is? Because theres no name in the ransom note, just some random email address. Thats a real challenge for incident response and even for reporting.
The U.S. has made strides in the past year toward building intergovernment and public-private collaborations around disrupting ransomware as well as in working to address risks from cryptocurrency entities that facilitate perpetrators payments, per the RTFs report. The U.S. also deepened its focus on reporting and information sharing.
The U.S. has now made significant progress on 50 percent of the task forces 48 recommendations and some progress on 92 percent of them. Thats up from May 2022, when IST CEO Phil Reiner reported significant progress on 25 percent and some progress on 88 percent.
More remains to be done, even on areas that are showing progress. U.S. Rep. Elissa Slotkin called for ensuring crypto exchanges, kiosks and trading desks follow Know Your Customer (KYC) and anti-money laundering practices.
There are gaps in our crypto regulations, and these gaps allow bad actors to evade the law, Slotkin said in pre-recorded remarks.
Acting National Cyber Director Kemba Walden said multipronged efforts can help make ransomware less profitable and less easy for perpetrators to conduct. Addressing illicit cryptocurrency use can disrupt the flow of profits, while requiring cloud services providers to follow KYC practices could help hamper ransomware operations by preventing nefarious use of this digital infrastructure.
Pushing for software and hardware to be secure-by-design and secure-by-default could also make the U.S. more cyber secure overall and do so in a way that lifts the responsibility off of small players and end users, Walden said.
Screenshot
When we talk about, potentially, countering Chinese malicious cyber activity, there are some countries who will say, We don't want to do that publicly, Neuberger said.
The U.S. and its partners have been trying a variety of disruptive efforts and are working to assess just how impactful any of these strategies are, Neuberger said. For example, the U.S. and international partners took actions against the Hive ransomware gang and dark web marketplace Genesis Market. Those included seizing Hive servers and decryption keys as well as 11 of Genesis Marketplaces domain names. But questions of effectiveness remain:
We know it has a disruptive impact for how long? Neuberger said. How do we extend how long that lasts? How do we ensure these disruptions have foundational impact on the infrastructure, on the people, on the money laundering networks, that makes this possible and that drive it?
Whether organizations should be allowed to pay ransom is a tricky question. The U.S. is actively discussing whether to issue a broad ban against this practice, while allowing case-by-case exemptions for essential entities, Neuberger said.
A question that weve grappled with both within the U.S. government and bilaterally, as well as multilaterally is, do we ban ransomware, with a waiver? Neuberger said.
Paying extortion makes the attacks profitable, enabling and encouraging more ransomware. But when victims are critical entities, not paying risks leaving their essential services going down for longer.
For an individual entity, it may be they make a decision to pay. But for the larger problem of ransomware, that is the wrong decision, Neuberger said. Now, there may be an individual entity a major hospital, an emergency services that we just are committed to bringing the services back up as quickly as possible. So [when] we think about banning ransom payments, we asked, Would we do so with a waiver e.g., notifying [and] asking the permission of the relative U.S. government?
The RTFs 2021 report warned that imposing a full ban on ransom payments might prompt perpetrators to initially test this resolve and ramp up their attacks against essential organizations like health-care providers, local governments and other custodians of critical infrastructure.
As such, any intent to prohibit payments must first consider how to build organizational cybersecurity maturity, and how to provide an appropriate backstop to enable organizations to weather the initial period of extreme testing, that report read.
The 2021 RTF report recommended nations require victims to avoid paying unless theyd first conducted a cross-benefit analysis to confirm that doing so would really be worthwhile. Victims should also have to consider alternative options before choosing to pay. Sometimes data is recoverable elsewhere or decryption keys are already available, for example.
Screenshot
For example, the program in February warned 93 critical infrastructure owners and operators about a Microsoft Exchange ProxyNotShell vulnerability and has since seen a 30 percent uptick in patching that vulnerability, Cofield said.
The past two years have also seen ransomware victims become more trusting of federal government support, with the FBIs Ring saying victims are more likely to report attacks.
Two years into this, I think the conversation has shifted to, rather than, Should we report this to law enforcement? to When should we report this to law enforcement?, which is a small change, but a very, very significant change in terms of how people think, Ring said.
Read the rest here:
Report: U.S. Making Progress in Fight Against Ransomware - Government Technology
- No Rest For the Wicked | Review In Progress - XboxEra - April 27th, 2024 [April 27th, 2024]
- Maine made progress in wages and productivity, but still faces shrinking labor force - Press Herald - April 27th, 2024 [April 27th, 2024]
- The Progress Report: How 4 Schools Are Teaching Kids to Read and Seeing Success - Voice of San Diego - April 27th, 2024 [April 27th, 2024]
- PROGRESS MADE IN COLE REHAB? - Bleeding Yankee Blue - April 27th, 2024 [April 27th, 2024]
- Pollution or Progress? What's Next for LNG Development in the Rio Grande Valley - Progress Texas - April 27th, 2024 [April 27th, 2024]
- Lykos Therapeutics Makes Progress in Europe - The Dales Report - April 27th, 2024 [April 27th, 2024]
- Adelaide Film Fest Picks Five Works in Progress for Cannes Showcase, With Giant, Drafthouses Mockbuster Making the Cut (EXCLUSIVE) - Variety - April 27th, 2024 [April 27th, 2024]
- Washington says real progress needed before restoring UNRWA funding - The Times of Israel - April 27th, 2024 [April 27th, 2024]
- LIGA Provides Further Guidance: Engages Audit Firm and Making Progress in Search for CEO and Management Team - Yahoo Finance - April 27th, 2024 [April 27th, 2024]
- Forest Health Council Reports Progress Toward Community Wildfire Resiliency-Greg Felt Talks Wildfire Mitigation with ... - Heart of the Rockies Radio - April 27th, 2024 [April 27th, 2024]
- Football notes: Robert Livingston pleased with progress of CU Buffs defense - BuffZone - April 27th, 2024 [April 27th, 2024]
- Spencer Hospital Emergency Department Project Continuing to Progress - KICD - April 27th, 2024 [April 27th, 2024]
- Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability - The Hacker News - March 16th, 2024 [March 16th, 2024]
- Progress being made on fire alarms, Oswego town supervisor says - oswegocountynewsnow.com - March 16th, 2024 [March 16th, 2024]
- Progress on the Boyertown Express featured at Dinner - Berks Weekly - March 16th, 2024 [March 16th, 2024]
- Fire Crews Stop Forward Progress of Two-Acre Brush Fire Near Vandenberg - Santa Barbara Edhat - March 16th, 2024 [March 16th, 2024]
- Hopewell plans to install speed cameras at three city schools - Progress Index - March 16th, 2024 [March 16th, 2024]
- New numbers on progress of penny sales tax - The Post and Courier - March 16th, 2024 [March 16th, 2024]
- Long Island woman who survived acid attack continues to make progress in recovery - PIX11 New York News - March 16th, 2024 [March 16th, 2024]
- Beam marks progress toward bringing 1st-ever MLS team to San Diego - NBC San Diego - March 16th, 2024 [March 16th, 2024]
- McKone: Irish-American progress and paradoxes | Perspective | timesargus.com - Barre Montpelier Times Argus - March 16th, 2024 [March 16th, 2024]
- Big East reportedly making a lot of progress on media rights deals with CBS, Fox - Awful Announcing - March 16th, 2024 [March 16th, 2024]
- Berrien County farmers note slow progress on the new Farm Bill - News/Talk/Sports 94.9 WSJM - March 16th, 2024 [March 16th, 2024]
- END OF SESSION: Sen. Crider and Rep. Cherry reflect on progress made during the legislative session - Greenfield Daily Reporter - March 16th, 2024 [March 16th, 2024]
- Vowles being patient with Sargeant but expects to see "progress" - RaceFans - March 16th, 2024 [March 16th, 2024]
- Inflation ticked up in February, reversing some prior progress - ABC News - March 16th, 2024 [March 16th, 2024]
- Latest NEOM progress video of The Line is indicator of scale - Supercar Blondie - March 16th, 2024 [March 16th, 2024]
- Statewide Impact of Ohio Intel ProjectEvident in Initial Progress Report - Scioto Post - March 16th, 2024 [March 16th, 2024]
- SpaceX makes significant progress with third Starship orbital test flight - TechCrunch - March 16th, 2024 [March 16th, 2024]
- UPDATE: Forward progress stopped on vegetation fire near Lompoc - KSBY News - March 16th, 2024 [March 16th, 2024]
- Lady Rattlers and Diamondbacks ready to roll - Progresstimes - March 16th, 2024 [March 16th, 2024]
- SpaceX celebrates major progress on the third flight of Starship - Ars Technica - March 16th, 2024 [March 16th, 2024]
- Helldivers 2 Galactic War live map: Track status and progress with this Liberty-approved web app - Windows Central - March 16th, 2024 [March 16th, 2024]
- Pittsburgh police will only respond to calls of in-progress emergencies as part of new staffing plan - Police News - March 16th, 2024 [March 16th, 2024]
- A year of achievement, rebuilding and progress for utilities - Yoursun.com - March 16th, 2024 [March 16th, 2024]
- Trkiye: No Direct Dialogue with Damascus, No Progress in Normalization - Asharq Al-awsat - English - March 16th, 2024 [March 16th, 2024]
- A WORK IN PROGRESS | News | shelbynews.com - Shelbynews - March 16th, 2024 [March 16th, 2024]
- From recurrent networks to GPT-4: Measuring algorithmic progress in language models - Tech Xplore - March 16th, 2024 [March 16th, 2024]
- U.S. Inability To Address Nuclear Waste Harms Environmental Progress - Newsweek - March 16th, 2024 [March 16th, 2024]
- Park Progress - Greater Wilmington Business Journal - March 16th, 2024 [March 16th, 2024]
- SF supervisor to hold hearing on homeless-shelter progress | Housing | sfexaminer.com - San Francisco Examiner - March 16th, 2024 [March 16th, 2024]
- 'It's good to see progress being made on the site': Revised vision for Liberty Theater property in Libertyville - Daily Herald - March 16th, 2024 [March 16th, 2024]
- Diversity Among Emmy Winners Is a Result of Industry Progress - TheWrap - January 18th, 2024 [January 18th, 2024]
- What would Dr. King say about progress and 2024? - The Chicago Cusader - January 18th, 2024 [January 18th, 2024]
- Police: Petersburg woman reportedly used hammer to hit her boyfriend - Progress Index - January 18th, 2024 [January 18th, 2024]
- Spokane County crews make great progress ahead of another storm system - AOL - January 18th, 2024 [January 18th, 2024]
- Lady Tigers Split Last Weeks Game's Lexington Progress - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- Lexington Police Investigate Shooting at Walmart Lexington Progress - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- Scotts Hill Lions Dominated Last Week Lexington Progress - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- Older Couple Rescued From Submerged Vehicle Lexington Progress - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- Fore-ward Progress | Bintelli's new River Ridge facility to focus on making electric golf carts - WDRB - January 18th, 2024 [January 18th, 2024]
- VIDEO: Project manager gives update on Glenn McConnell Widening progress - Live 5 News WCSC - January 18th, 2024 [January 18th, 2024]
- Truck driver sentenced for trafficking cocaine to Prince George County - Progress Index - January 18th, 2024 [January 18th, 2024]
- After decades of little progress, Milwaukee begins new approach to improve lives of Black men and boys - madison365.com - January 18th, 2024 [January 18th, 2024]
- Women are bored of waiting: Slow progress on shattering the glass ceiling on company boards - I by IMD - I by IMD - January 18th, 2024 [January 18th, 2024]
- Now Accepting Applications for the 2024 Progress Software Mary Szkely Scholarship for Women in STEM - GlobeNewswire - January 18th, 2024 [January 18th, 2024]
- "Some progress made" at Onslow BOE meeting, according to number of parents - WCTI12.com - January 18th, 2024 [January 18th, 2024]
- Spokane County crews make great progress ahead of another storm system - Nonstop Local - January 18th, 2024 [January 18th, 2024]
- DeSantis took credit for Florida's progress but Iowa may have sniffed out his bravado | Opinion - Yahoo News Canada - January 18th, 2024 [January 18th, 2024]
- Has the Israeli Military Made Progress in Its Goal of Destroying Hamas? : State of the World from NPR - NPR - January 18th, 2024 [January 18th, 2024]
- Jan. 19 Panel Examines 30-Year Progress of Women in Research - Mirage News - January 18th, 2024 [January 18th, 2024]
- Ducks' Midseason Check-in: Progress, Improvement Areas & More - The Hockey Writers - January 18th, 2024 [January 18th, 2024]
- Companies are hiding their climate progress. A new report explains why. - Grist - January 18th, 2024 [January 18th, 2024]
- Lou Leonatti With Progress Mexico Gives Hospital Bankruptcy Hearing Update On AM 1340 KXEO Am I Awake Morning Show - KXEO - January 18th, 2024 [January 18th, 2024]
- Seaside Heights Wants to See Progress From Developers, Will Investigate 'Bamboo' Property - Shorebeat - January 18th, 2024 [January 18th, 2024]
- Progress over perfection: Is Coach modelling a path for fashion transformation? - Vogue Business - January 18th, 2024 [January 18th, 2024]
- Watch the video of the Edmonds armed robbery in progress - MyNorthwest - January 18th, 2024 [January 18th, 2024]
- Albemarle County house burns to the ground in late night fire - The Daily Progress - January 18th, 2024 [January 18th, 2024]
- GHDDI and Microsoft Research use AI technology to achieve significant progress in discovering new drugs to treat ... - Microsoft - January 18th, 2024 [January 18th, 2024]
- Henderson County Suspects Apprehended in Trenton Lexington Progress - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- HCFD Reports Lowest Number of Residential Fires - lexingtonprogress.com - January 18th, 2024 [January 18th, 2024]
- Unlocking The Future: CAGA's Progress In Web3 And Blockchain Innovation - Benzinga - January 18th, 2024 [January 18th, 2024]
- Underwhelming performance: Quarterbacks still a work in progress - Daily O'Collegian - September 3rd, 2023 [September 3rd, 2023]
- Governor Hochul Announces Progress in Increasing MTA Accessibility - ny.gov - September 3rd, 2023 [September 3rd, 2023]
- A progress report: The columnist's garden in September - Kennebec Journal and Morning Sentinel - September 3rd, 2023 [September 3rd, 2023]
- September 2023: Innovative researchers celebrate scientific ... - Environmental Factor Newsletter - September 3rd, 2023 [September 3rd, 2023]
- Progress over perfectionism - Lynn University - September 3rd, 2023 [September 3rd, 2023]
- Signs of progress on new Folsom Medical Office Building - UC Davis Health - September 3rd, 2023 [September 3rd, 2023]
- LA District FUDS team makes progress on Nellis Remedial Action ... - spl.usace.army.mil - September 3rd, 2023 [September 3rd, 2023]
- UFC Fight Night 226 winner Volkan Oezdemir pleased with progress after training with Khamzat Chimaev - Yahoo Sports - September 3rd, 2023 [September 3rd, 2023]