COMMENTARY. The US government is ramping up efforts to stem the increasingly disruptive scourge of ransomware attacks.
The State Department recently offered up to $15 million for information on LockBit, and $10 million for information on the BlackCat/ALPHV or Hive ransomware gangs.
The conditions that need to be met in order to collect these bounties are rigorous, and the payouts represent a tiny fraction of the revenue ransomware operators and their partners are realizing, leaving little incentive to cooperate with authorities.
Ransomware Operators as Nation-State Proxies We know rogue nations like Russia support ransomware operations, and they provide a safe harbor for attackers.
A recent report by Chainalysis assessed that 74% of all the illicit revenue generated by ransomware attacks during 2021 went to Russia-linked attackers, the lion's share of ransomware proceeds.
We cannot discount the potential dual nature of many of today's ransomware attacks.
There is plenty of overlap between cybercriminal activity and nation-state operations, as evidenced by shared tooling and attack infrastructure.
Using ransomware gangs as proxies provides plausible deniability for nations like Russia, while leveraging them in a larger geopolitical strategy.
Designating Some Ransomware Attacks as Terrorism Ransomware attacks targeting critical infrastructure providers like healthcare organizations have crossed the line from cybercriminal activity to a serious national security threat.
It's no longer just speculation as to whether ransomware attacks are threatening lives.
When remote attackers disrupt systems critical to care and hold dozens of healthcare providers and their patients to ransom, we simply call it an IT security event and the government response is to offer more guidelines and frameworks.
A recent report by Ponemon found a direct link between ransomware attacks and negative patient outcomes: 68% of survey respondents said ransomware attacks disrupted patient care; 46% noted increased mortality rates; 38% noted more complications in medical procedures.
Other research found that between 2016 and 2021, ransomware attacks contributed to between 42 and 67 patient deaths, as well a staggering 33% increase in death rates per month for hospitalized Medicare patients.
There is definitely a case to be made to designate some of these attacks as acts of state-supported terrorism.
Some might argue that the lack of a clearly stated political motive behind ransomware operations means that, while an attack on a hospital that disrupts patient care and leads to negative outcomes could be described as inflicting terror, it would not necessarily meet the definition of terrorism.
If we designate these attacks as threats to national security, there are different rules of engagement that would go far beyond mere indictments, and can include offensive actions deemed appropriate and proportional, both cyber and kinetic.
The Hard Truth: Guidelines and Frameworks Are Not Enough Organizations that are the victims and potential victims of these attacks have largely been left to fight this battle on their own while getting little to no protection from the government.
We need more than vanilla government public relations programs to combat ransomware attacks.
It is imperative that the US government and allied nations that are the targets of these attacks differentiate at least a portion of them by reclassifying them as terrorist acts so we can leverage some new tools in this fight.
Otherwise, it will be a long, hard, lonely road ahead for ransomware victims.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 09 Apr 2024 14:40:07 +0000