Washington Silent On Latest Ransomware Attack, Kremlin Says

Washington has reportedly not directly contacted Russia as of Monday following a sophisticated ransomware attack that affected hundreds of U.S. businesses on July 2nd. Security firm Huntress Labs told Reuters that it believes the attack is linked to a Russian-affiliated ransomware gang known as REvil. The notorious hacking group was allegedly also responsible for the Memorial Day attack that extorted nearly 11 million dollars from the meat processing company JBS.

The latest attack has been deemed the single biggest global ransomware attack to date, with hundreds of American businesses and thousands of victims in at least 17 countries targeted through Kaseya’s VSA software. The company’s software is used by large IT businesses that contract with other small businesses. This attack came after U.S. President Joe Biden and Russian President Vladimir Putin’s summit in Geneva on June 16th. The two leaders agreed to begin discussing mounting cybersecurity concerns, with President Biden warning that the U.S. would impose harsher consequences if Russian-affiliated attacks persisted. Reuters has referred to this latest ransomware disruption as a dangerous supply chain attack. According to Huntress senior security researcher John Hammond, “it has the potential to spread to any size or scale business.” President Biden has since directed U.S. intelligence agencies to investigate the ongoing attack but has been reluctant to directly accuse the Russian government of any involvement. REvil has demanded a 70 million dollar ransom payment to end the attack.

Cyberattacks on critical infrastructure have become more widespread within the past year. The unfortunate truth behind this most recent attack is that the United States government and its agencies are not adequately prepared to tackle cyber threats alone. This has become increasingly evident over many years as malicious attacks have jeopardized the security of individuals, institutions, and private sector businesses. As David E. Sanger describes in The Perfect Weapon, part of the problem is that cyberspace has ultimately presented itself as the perfect cost-free invisible weapon that adversaries can use to undermine civil order and damage infrastructure, costing us economically. Cybercriminals have taken advantage of online anonymity to exploit vulnerabilities in the information and communication technologies that have become embedded in both the private and government sectors. U.S. agencies have attempted to protect the privacy and data of American citizens and businesses. Still, cybersecurity is much more complicated when it comes to large-scale software and hardware attacks. Unlike classical forms of warfare, cyberattacks are instantaneous and erratic, making them difficult to predict and prevent. Under the Trump administration, former national security advisor John Bolton focused on constant offensive operations to deter and impose costs on groups launching cyberattacks. However, a policy focused on aggressive engagement can set the stage for long-term cyberwar without any effective strategy to solve the actual problem.

Since his inauguration, President Biden has made cybersecurity a top priority through all levels of the government. However, in 2021 alone, major ransomware attacks hit critical facilities such as SolarWinds, Colonial Pipeline and JBS Foods. SolarWinds changed the era of attacks, as the breach affected private companies as well as the Department of Homeland Security and the Treasury. According to Insider News, cyberattacks in the past year have resulted in a loss of more than 4 billion dollars in the U.S. alone.

Ransomware is a malicious software attack that typically infects a computer through an email attachment or a Trojan horse, malware disguised as a seemingly legitimate attachment. Hackers lock the operating system until a ransom is paid or, even worse, encrypt all the files on the hard drive and only provide the keys if that person or business pays the ransom. Historically, victims could avoid paying a ransom if they kept backing up their systems and restored them after being compromised. However, hackers now prepare by downloading private data and threatening to release it to the public if a ransom is not paid. Worse still, many of these virulent groups operate within Russia with no enforcement and no evidence to definitively attribute who the specific actors are. Allan Liska, who works on the computer security incident response team (CSIRT) at a cybersecurity company, told Insider, “When we say Russia, China, or Iran — all of which have had ransomware actors operate out of their borders — we’re generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacit approval from the government.”

Homeland Security reports obtained by CBS News indicate that ransomware attacks are likely to increase in the near and long term, and consumers and businesses should be more prepared. The ongoing threat requires that agencies engage in offensive and defensive measures to protect American infrastructure and privacy. The reality, however, is that the United States cannot rely solely on retaliatory attacks to defend information and infrastructure. Most ransomware attacks involve someone obtaining administrative rights and encrypting the victim’s data, then threatening that the company or person must pay a ransom to decrypt and unlock it. Cybercriminals capitalize on this. Unfortunately, unless preventative protections are in place beforehand, victims will likely be forced to pay the ransom to get their private information or intellectual property back.

This year’s attacks have taught a valuable lesson in what consumers and companies can do to protect their information and data. Companies could potentially take the strategic option to enhance and standardize public key cryptography across institutions and infrastructure. Public key encryption would allow computers over the Internet to send messages and information securely to each other without the chance of a hacker obtaining data. Standardizing this means that, for businesses and organizations, communication and data transmitted between staff will be better protected from tampering and ransomware attacks. Operating behind multiple firewalls and VPNs, with a highly skilled cyber team monitoring the network in conjunction with anti-hacking software, will make users less vulnerable. Another method could be for companies and the government to operate on a blockchain-based local network, which would require over 50 percent control of their internal network to access any information.

More generally, the Biden administration should focus on strengthening the cyber force between private and government agencies by allocating more resources and funds to incentivize and provide STEM education to build the foundation for a career in the field. As the Information Age progresses, these attacks will inevitably become more common. However, with adequate preparation and programs that can teach civilians and companies ways to protect their information from malicious actors, these attacks can become less frequent and damaging.

Jillian Mulloy

