Recent ransomware attacks on critical infrastructure like pipelines, government agencies, water facilities, and a meat processing giant have demonstrated that hackers are raising the stakes while making off with millions of dollars.
By increasing attacks on critical systems, the hackers are gambling that the United States government won’t respond in kind. Almost all of the ransomware attacks have been traced to Russia and the shady world that barely separates private criminal enterprises from Russian intelligence.
The first half of 2021 has already seen a 102% increase in ransomware attacks compared to the beginning of last year, according to a report from cybersecurity firm Check Point Software.
The hackers have not only increased the frequency of attacks but have targeted much larger entities.
Multiple recent ransomware attacks have originated from Russia, according to US officials. On Wednesday, the FBI attributed the attack on meat producer JBS to a Russia-based cybercriminal group called REvil, which also tried to extort Apple supplier Quanta Computer earlier this year. REvil is similar to DarkSide, the group US officials said was behind the ransomware attack that shut down the Colonial Pipeline last month.
Experts say both REvil and DarkSide operate what are essentially “ransomware-as-a-service” businesses: the core group builds and maintains the malware and the supporting infrastructure, affiliates use those tools to break into and extort victims, and the core group takes a cut of each ransom. In some cases, they also carry out their own attacks. Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere, because they bring money into the country, cybersecurity experts say.
The Biden administration is hesitant to use Pentagon cyber resources to take action against what amounts to criminal gangs. It wouldn’t be unprecedented for the military to attack the hackers, but using the military in a law-enforcement role is a gray area.
Of course, striking the hackers invites retaliation and a never-ending tit-for-tat would ensue. But clearly, something has to be done as the criminals are doing major damage to big U.S. corporations.
Because they’re not carried out directly by governments, ransomware attacks like the ones that hit Colonial Pipeline and JBS have for years been treated as purely criminal matters, investigated by the FBI with an eye toward prosecution. Criminal accountability was rare, however, because most of the hackers live in Russia and other places outside the reach of U.S. law enforcement. Russia allows the hackers to operate without interference as long as they are attacking the West, U.S. officials say.
Even as the NSA began assembling data about ransomware groups, hospital systems were hit last fall by another wave of attacks. Sources said U.S. officials in charge of cyber policy became further convinced that it was time to focus more intelligence resources — and military cyberwarriors — on the problem.
“Sometime at the end of last year, everyone decided that this had risen to the level of a threat to national security,” said James Lewis, a cyber expert at the Center for Strategic and International Studies.
The government can only do so much. In the end, it’s up to U.S. companies to tighten their cyber defenses. But systems with many entry points rarely get every one of them locked down, and an attacker needs only one. A single lapse, such as an unprotected personal laptop or a stolen set of credentials, can open the door to a compromise on the scale of the Office of Personnel Management breach, which exposed millions of personal files containing private information on employees and applicants.
In the end, the bad guys will always find a vulnerability. That’s been the history of hacking to date. As fast as cyber warriors can devise protections, the hackers can develop workarounds.