South Florida Sun-Sentinel (Sunday)
Ransomware hacks persists as high-profile attacks slow
WASHINGTON — In the months since President Joe Biden warned Russia’s Vladimir Putin that he needed to crack down on ransomware gangs in his country, there hasn’t been a massive attack like the one last May that resulted in gasoline shortages. But that’s small comfort to Ken Trzaska.
Trzaska is president of Lewis & Clark Community College, a small Illinois school that canceled classes for days after a ransomware attack last month that knocked critical computer systems offline.
“That first day,” Trzaska said, “I think all of us were probably up 20-plus hours, just moving through the process, trying to get our arms around what happened.”
Even if the United States isn’t currently enduring large-scale, front-page ransomware attacks on par with ones earlier this year that targeted the global meat supply or kept millions of Americans from filling their gas tanks, the problem hasn’t disappeared. In fact, the attack on Trzaska’s college was part of a barrage of lower-profile episodes on businesses, governments, schools and hospitals.
The college’s ordeal reflects the challenges the Biden administration faces in stamping out the threat — and its uneven progress in doing so since ransomware became an urgent national security problem last spring.
U.S. officials have recaptured some ransom payments, cracked down on abuses of cryptocurrency, and made some arrests. Spy agencies have launched attacks against ransomware groups and the U.S. has pushed federal, state and local governments, as well as private industries,
to boost protections.
Yet six months after Biden’s admonitions to Putin, it’s hard to tell whether hackers have eased up because of U.S. pressure. Smaller-scale attacks continue, with ransomware criminals continuing to operate from Russia with seeming impunity. Administration officials have given conflicting assessments about whether Russia’s behavior has changed since last summer. Further complicating matters, ransomware is no longer at the top of the U.S.-Russia agenda, with Washington focused on dissuading Putin from invading Ukraine.
The White House said it was determined to “fight all ransomware” through its various tools but that the government’s response depends on the severity of the attack.
Ransomware attacks — in which hackers lock up victims’ data and demand exorbitant sums to return it — surfaced as a national security emergency for the administration after a May attack on Colonial Pipeline, which supplies nearly half
the fuel consumed on the East Coast.
The attack prompted the company to halt operations, causing gas shortages for days, though it resumed service after paying more than $4 million in ransom. Soon after came an attack on meat processor JBS, which paid an $11 million ransom.
Since then, there have been some notable attacks from groups believed to be based in Russia, including against Sinclair Broadcast Group and the National Rifle Association, but none of the same consequence or impact of those from last spring or summer.
One reason may be increased U.S. government scrutiny, or fear of it.
The Biden administration in September sanctioned a Russia-based virtual currency exchange that officials say helped ransomware gangs launder funds.
Last month, the Justice Department unsealed charges against a suspected Ukrainian ransomware operator and has recovered millions of dollars in ransom payments.