Payments strengthen ransomware gangs, but little support for bans

Boston (AP) — If your business is a victim of ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the US government. The answer is likely to be: it depends.

“It’s the US government’s position not to strongly recommend paying the ransom,” Eric Goldstein, the Department of Homeland Security’s chief cybersecurity official, said at a congressional hearing last week.

However, there are no penalties for paying, and refusing would most likely be suicidal for many businesses, especially small ones. Too many are unprepared. The consequences can be disastrous for the country itself: the recent high-profile attacks disrupted fuel supplies at gas stations on the East Coast and threatened the meat supply.

This dilemma has officials wondering how to respond. As a first step, bipartisan legislation in the works would mandate immediate federal reporting of ransomware attacks, to help responders, identify the perpetrators, and recover ransoms, as the FBI did with most of the $4.4 million recently paid by Colonial Pipeline.

But without further action soon, ransoms will keep skyrocketing, funding better criminal intelligence and tools that will only worsen the global crime wave, experts say.

President Joe Biden got no guarantee from Russian President Vladimir Putin in Geneva last week that the cybercriminals behind the attacks will stop enjoying safe harbor in Russia. At best, Putin’s security services tolerate them; at worst, they work together.

Energy Secretary Jennifer Granholm said this month that she favors a ban on payments. “But I don’t know if Congress or the President is in favor,” she said.

And, as Goldstein reminded the members of Congress, paying does not guarantee that you will get your data back, or that confidential stolen files will not be put up for sale on darknet crime forums. Even if the ransomware extortionists keep their word, you will be funding their next attack. And you may be hit again.

In April, John Demers, then the Justice Department’s top national security official, said he was reluctant to ban payments.

Perhaps the most enthusiastic about bans are those who know the ransomware criminals best: cybersecurity threat responders.

Lior Div, CEO of Boston-based Cybereason, sees them as digital-age terrorists. “It’s another form of terrorism, very modern.”

A 2015 UK law prohibits UK-based insurers from reimbursing companies for terrorist ransom payments, a model that some believe should be applied universally to ransomware payments.

Adrian Nish, head of threat intelligence at BAE Systems, said:

US law prohibits material support for terrorists, but in 2015 the Justice Department dropped the threat of criminal prosecution for citizens who pay ransoms to terrorists.

“There’s a reason it’s the policy for terrorist attacks: you give the enemy too much power,” said Brandon Valeriano, a Marine Corps University scholar and senior adviser to the Cyberspace Solarium Commission, a bipartisan body created by Congress.

Some ransomware victims take a principled stand against paying, whatever the cost. One is the University of Vermont Health Network, which incurred more than $63 million in recovery costs and lost services after an October attack.

Ireland also refused to negotiate when the country’s health service was hit last month.

Five weeks on, the health system’s information technology in the country of 5 million remains badly hobbled. Cancer treatment has only been partially restored, email service is patchy, and digital patient records are barely accessible. People are clogging emergency rooms for laboratory and diagnostic tests because primary care physicians cannot order them. As of Thursday, 42% of the system’s 4,000 computer servers had not yet been decrypted.

The criminals handed over the software decryption key a week after the attack, after the Russian embassy made a rare offer to “support the investigation,” but recovery has been a painful slog.

“The decryption key is not a magic wand or switch that can suddenly undo damage,” said Brian Honan, a leading Irish cybersecurity consultant. Every recovered machine must be tested to ensure it is free of infection.

The data show that most ransomware victims pay. Insurer Hiscox says more than 58% of its affected customers pay, while leading cyber insurance broker Marsh McLennan puts the figure at about 60% of its affected US and Canadian customers.

However, paying does not guarantee anything close to a full recovery. In a survey of 5,400 IT decision makers in 30 countries, cybersecurity firm Sophos found that ransom payers on average recovered only 65% of their encrypted data, leaving more than a third inaccessible; 29% said they got back no more than half of their data.

In a survey of about 1,300 security professionals, Cybereason found that four of every five companies that chose to pay the ransom were hit by a second ransomware attack.

Despite that calculation, insured and well-funded businesses tend to pay.

Colonial Pipeline paid almost immediately last month to get fuel flowing again to the US East Coast; only afterwards did it determine whether its data backups were robust enough to have avoided paying. Meat-processing giant JBS then paid $11 million to head off a possible disruption of the US meat supply, though its data backups also proved sufficient to bring its plants back online before serious harm was done.

It’s not clear whether either company’s concerns about stolen data being dumped online influenced its payment decision.

Colonial won’t say whether fears that 100 gigabytes of stolen data could surface online influenced CEO Joseph Blount’s decision to pay. “Our analysis shows that corporate data has not been stolen,” said Cameron Bruett, a JBS spokesman. He would not say whether the criminals claimed in their ransom note to have stolen data.

Irish authorities were well aware of the risks. The criminals claim to have stolen 700 gigabytes of data, yet none of it has surfaced online.

Disclosure of such data can lead to lawsuits and a loss of investor confidence, which is manna for criminals. A ransomware gang trying to extort a major US company posted a nude photo of its CEO’s adult son on its leak site last week.

In written requests, Rep. Carolyn Maloney, chairwoman of the House Committee on Oversight and Reform, called for more information on the JBS and Colonial cases and on CNA Insurance, which Bloomberg News reported handed over $40 million to ransomware criminals in March. “Congress needs to figure out how to break this vicious circle,” the New York Democrat said.

Recognizing the lack of support for a ransom ban, Senate Intelligence Committee Chairman Mark Warner, D-Va., and other legislators want at least to increase transparency from ransomware victims, who often do not report attacks.

They are drafting a bill that would require reporting of breaches and ransom payments within 24 hours of detection, with the agency deciding case by case whether to disclose the information.

However, that would not protect unprepared victims from potential bankruptcy if they do not pay. To that end, various proposals have been made to provide financial assistance.

This month, the Senate approved a bill to establish a special cyber response and recovery fund that would provide direct support to the most vulnerable private and public organizations hit by large-scale cyberattacks and breaches.

Copyright © 2021 The Washington Times, LLC.
