Ransomware work starting, not done
This is the age of ransomware — not only in terms of attacks, which have been increasing steadily for some time now, but also in terms of awareness. One year after a major report on how best to fight this threat, the government has taken some necessary steps. Yet the work done so far, as the problem’s persistence shows, still isn’t sufficient.
The Institute for Security and Technology’s Ransomware Task Force last spring issued the most comprehensive recommendations the United States has seen for protecting against the attacks on computer systems that are crippling companies, cities, schools, hospitals and more. Mere weeks later, cybercriminals took Colonial Pipeline’s digital infrastructure hostage; weeks after that, the same thing happened to major meat processor JBS. These incursions caused harm enough, but even more grievous was the death of a baby, as reported by the Wall Street Journal, during the time a maternity ward’s equipment was disabled by hackers.
The good news is that the White House has decided not to sit idly by. The new office of the national cyber director is working to develop a long-needed doctrine on the nation’s digital security, as well as clarify the roles and responsibilities across government. The Cybersecurity and Infrastructure Security Agency is helping beef up defense across industries, but just as essential is deterring attackers. That won’t happen until ransomware salvos cease to be profitable for their perpetrators. There, the Biden administration and Congress have also moved forward.
The Justice Department has launched a program to stop digital extortion that in its early days seized $2.3 million of the ransom Colonial Pipeline paid to hacking collective DarkSide; this fall, the department seized another $6 million from collective REvil. Congress has passed a law requiring critical infrastructure entities to report ransomware payments. Increased reporting is essential; law enforcement can’t go after cybercriminals without being aware of their crimes. But preventing payments from reaching the perpetrators is important, too, and stricter rules on the circumstances under which handing over a ransom is permissible are well worth considering. Cryptocurrency regulations that make it more difficult to mask transactions would also aid in tracking down the bad guys.
Perhaps most vexing but most essential is the challenge of reaching criminals who operate from ransomware havens. President Joe Biden’s attempts to persuade Vladimir Putin to crack down on gangs operating with impunity on the Russian president’s turf seemed to be yielding results, but the invasion of Ukraine has likely preempted any further collaboration. Diplomatic overtures could still help elsewhere - especially in countries that would take a firmer hand with malicious actors if they could but lack the resources and know-how. Providing them with both should be a U.S. national security priority.