Biden and Putin Prepare for Possible Ransomware Fight | Voice of America


WASHINGTON – As President Joe Biden prepares for his first meeting with Russian President Vladimir Putin on Wednesday in Geneva, the White House said the ransomware threat would be an “important topic” of conversation between the two leaders.

Until just a few years ago, ransomware was widely viewed as a financial crime, hardly an issue that would dominate a first face-to-face meeting between Russian and American leaders.

But the issue was catapulted to the forefront of geopolitics last month after cybercriminals suspected of operating in Russia breached the networks of a major U.S. pipeline operator and meat processor, demanding and receiving millions of dollars in ransom.

While U.S. officials have not accused the Russian government of direct involvement in the latest attacks, some lawmakers say Russia-based cybercriminals often work with the knowledge, if not the complicity, of the Kremlin. They demand that Biden deliver a harsh message to Putin to end the practice.

In a ransomware attack, cybercriminals encrypt a company’s or institution’s data, then demand a ransom in exchange for a decryption key and a promise not to disclose the data. Ransomware groups often offer their services to other hackers in exchange for a share of the ransom. Experts say this has helped lure a growing number of otherwise newbie cybercriminals into the lucrative ransomware industry.

Here are the answers to three key questions about Russia’s role in ransomware attacks:

What do we know about Russian-speaking ransomware groups?

Cybersecurity companies are tracking dozens of ransomware groups around the world. Most are said to be operating in Russia and former Soviet republics like Belarus, Ukraine, Kazakhstan and Latvia, according to cybersecurity firm Recorded Future.

Their precise number is unknown, although it has steadily increased over the past two years. Recorded Future tracks around 15 Russian-speaking ransomware groups. Check Point, a US-Israeli security firm, is monitoring seven, including several responsible for major ransomware attacks in recent years.

Among them are DarkSide and REvil, the two groups behind the attacks on Colonial Pipeline and JBS, a major beef producer, respectively. REvil was behind some of the biggest ransomware attacks in the United States in 2020, according to Lotem Finkelstein, head of Check Point’s threat intelligence group.

“Maybe there are more, but we can only speculate,” Finkelstein said in an interview with VOA.

Babuk, another Russian-speaking ransomware family discovered earlier this year, has attacked at least five major entities, with one victim already paying attackers $85,000 in ransom, according to cybersecurity firm McAfee. The Washington, DC Metropolitan Police Department was reportedly another victim.

Russian-speaking ransomware groups follow an unwritten rule: As long as they avoid targets in Russia and other former Soviet republics, “they are left to operate in peace by local authorities,” Recorded Future says.

Another rule of the game: ransomware gangs only work with Russian-speaking partners.

What do we know about the links between ransomware gangs and the Kremlin?

The Russian government has denied any involvement in recent ransomware attacks against the United States, and the precise links between the ransomware groups and the Kremlin remain unclear. While U.S. officials have accused Russian spy services of co-opting hackers, they have been careful not to blame the Russian government directly for the recent attacks on Colonial Pipeline and JBS.

Following the attack on Colonial Pipeline, which sparked panic buying of gasoline and traffic jams along the East Coast, President Biden said that so far there has been “no evidence based on, from our intelligence services, that Russia is involved, even though there is evidence that the actors, the ransomware, are in Russia.”

During a recent congressional hearing, FBI Director Christopher Wray said he could not publicly discuss the connection between cybercriminals and Russian actors. Nonetheless, he noted that the “most recent” ransomware attackers “are individuals who, perhaps not coincidentally, specifically target English-speaking victims.”

US lawmakers go further, however, insisting that attacks emanating from Russia could not take place without at least the tactical approval of the Russian government. Senator Mark Warner, Democratic chairman of the Senate Intelligence Committee and co-chairman of the bipartisan Senate committee on cybersecurity, said the cybercriminals were operating “with the indirect consent of the Russian government.”

“And don’t think for a moment that the Russian spy services, the Russian government is not monitoring and learning techniques from these cybercriminals,” Warner said in an interview with the Washington Post Live Monday.

The line between cybercriminals and state actors has blurred. Many Russian-based cybercriminals may work for Russian spy services during the day and “moonlight” as cybercriminals at night, Warner said.

How is the United States responding to the threat of ransomware?

With ransomware becoming a threat to national security, some lawmakers and cybersecurity experts are calling for a more aggressive US response. The Justice Department’s recently formed Ransomware Task Force recovered most of the $5 million in cryptocurrency paid by Colonial Pipeline. The effort to recover the ransom is important, experts say, but lawmakers warn that it is not enough to end the larger problem.

“I think we need to start thinking about committing an offense and fighting back,” Republican Representative Michael McCaul said during a House Homeland Security hearing on the Colonial Pipeline cyberattack. “There should be consequences.”

Cybersecurity experts agree that a stronger government response is needed.

“I certainly believe there is a way and an opportunity to disrupt the aggressive threat actors who continue to wreak havoc in the United States,” said Charles Carmakal, chief technology officer at cybersecurity firm FireEye.

Ahead of Wednesday’s summit, Putin suggested that one approach could be a mutual agreement to extradite cybercriminals between the United States and Russia. Biden said at the G-7 meeting he was “open” to Putin’s idea, calling the offer “potentially a good sign of progress.”

National Security Advisor Jake Sullivan then clarified Biden’s statement, saying the president “isn’t saying he’s going to trade cybercriminals with Russia,” but agrees that cybercriminals should be held accountable in both countries.
