Ransomware Isn’t Back. It Never Left.
After months of dramatic growth, two of the most notorious Russia-based ransomware gangs, REvil and Darkside, went quiet for weeks this summer. The lull came as the White House and U.S. law enforcement vowed to fight ransomware and to confront governments that appear to offer “safe harbor” to even the most unscrupulous gangs. That lull is now officially over.
REvil and Darkside had launched formidable attacks in the first half of the summer against the IT management company Kaseya, the East Coast fuel distributor Colonial Pipeline, the global meat supplier JBS, and others. As the fallout mounted, and with a newly formed public-private Ransomware Task Force launched at the end of April, U.S. law enforcement began to act. In June, the FBI tracked down and seized a large portion of the roughly $4.4 million in cryptocurrency that Colonial Pipeline had paid to Darkside, and the Washington Post reported this week that the FBI had obtained the decryption key for the Kaseya attack from REvil’s servers but withheld it so that it could carry out a planned operation against the gang’s infrastructure. REvil abruptly went offline before officials could execute that plan.
White House deputy national security adviser Anne Neuberger even noted at the beginning of August that BlackMatter, an apparent successor to Darkside with significant technical overlap, had pledged to avoid critical infrastructure targets in its attacks. She suggested that the Kremlin may have heeded the requests and warnings President Joseph Biden made about ransomware at the start of the summer.
“We’ve noticed a decrease in ransomware, and we consider it an important step in reducing the risk to Americans,” Neuberger said earlier this month. “We expect that trend to continue.”
That hope was short-lived. REvil and other gangs came back online after Labor Day weekend. Earlier this week, Russian hackers from BlackMatter launched a ransomware attack demanding $5.9 million from the Iowa grain cooperative New Cooperative, a critical infrastructure target that is key to the US food supply. Meanwhile, on Monday the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI released a joint alert saying they have observed more than 400 attacks in total using Conti ransomware, which is distributed by a Russia-based ransomware-as-a-service gang involved in last year’s wave of hospital attacks.
The U.S. government has pushed for a comprehensive ransomware response. On Tuesday, the Treasury Department announced sanctions against the Suex cryptocurrency exchange for allegedly facilitating the laundering of ransom payments. The Treasury also said that ransomware victims should contact the department before deciding to pay a ransom, to avoid violating sanctions, a call that fits the White House’s broader push to get victims to disclose when they are hit. The U.S. has no central registry that records every attack, and companies often prefer to keep incidents quiet when they can.
Hackers appear ready and willing to adapt to U.S. enforcement efforts. Some groups have begun actively warning victims not to disclose attacks to the government, threatening to leak stolen files if targets report the incident. And the gangs may simply have used their time underground to strategize, regroup, and retool while the fallout from the high-profile attacks blew over.
“It’s really a long game. Once you have a group that says they’re gone, there’s someone behind them to get in,” said Katie Nickels, director of intelligence at the security firm Red Canary. “And even though in July and August it seemed like the numbers might have dropped off, there were still daily attacks, and victim data was posted on dark web sites on a daily basis. The good news is that the United States government seems to be taking action and making it a priority, but it is too early to declare victory.”