CSO spotlight: Ransomware

How ransomware runs the underground economy

Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal enterprises.


Following another high-profile ransomware attack in July that impacted over a thousand companies around the world, President Biden spoke with Russian President Vladimir Putin and declared himself optimistic about collaboration on cyberattack issues, but he also hinted that the US is ready to attack servers used in ransomware attacks in retaliation. REvil, the group behind the attack, went silent shortly after, and Kaseya, the company whose software was hacked and used to propagate the ransomware, received the master decryption key from a source it didn't disclose but referred to as "a trusted third-party."

If the diplomatic channels fail to produce results in the future and Russian law enforcement agencies don't act domestically, a more offensive approach might be required to discourage these groups and stop attacks before they make a lot of victims.

"If a foreign government is targeting you [the ransomware gang], that's it. There's nothing you can do," Ragan says. "You're dealing with an adversary that has unlimited time and resources. They will get you. I don't care how good you are. It's a realistic fear that these criminals have and I think that is what's causing the scurry. But here's the problem: The mere mention of sanctions, policies and things like this, sent them scrambling, right? What happens if there's no actual enforcement? What happens if these laws and policies come out, but they don't have teeth? Then the criminals come back and they'll come back stronger because now they know there's no teeth and no enforcement."

Hoffman sees an opportunity for the US to be more offensive in supporting businesses, noting that he's not privy to the government's domestic policy on offensive tactics. "Similar to other countries, the national infrastructure that's used for nation-state purposes is not available to combat commercial crime, but in this case we may have to make it available to reduce some of the strain on the businesses here, to become offensive."

Cybercriminals would rather fight an ill-prepared company than the government. "So, if the full force of the national cyber infrastructure of the US comes to bear against the cybercrime world, which is exactly what the forum operators do not want, it could have a significant impact," says Hoffman. "On the other hand, will that cause the 'cyber war' that's been pending between US and Russia down the road and then Russia's national cyber infrastructure will come to bear in a more apparent way against us? Maybe."

If the US government was the one who hacked the people behind DarkSide, took their Bitcoins, destroyed that infrastructure and wrecked those computers, then that's already pretty big, Krehel says. Imagine saying: We'll fly over your house, we're going to take every coin you have in the marketplace, we're going to take your private keys, we're going to destroy every server you ever touched, and we're going to put you on the wall so that if you attack any other business going forward you'll be a target for the rest of your life.

Copyright © 2021 IDG Communications, Inc.
