Nothing is off the table now in the fight against cybercrime and those related to ransomware. Not only are there rewards for tips on who’s behind the attacks, but a new task force put in place by the White House could even turn the tables on the cybergangs and launch their own attacks.
The new U.S. ransomware task force that was announced on Thursday (July 15) promises payouts up to $10 million for information that identifies the hackers using their expertise for evil. But considering there are ransomware attacks every 11 seconds, according to Cybersecurity Ventures and 4,000 daily ransomware attacks in the U.S. since 2016, that might not be nearly enough to end the problem completely.
This task force became a priority for the Biden administration in the wake of the $70 million in crypto-ransom sought by Russian hacking group REvil before its abrupt disappearance this week. The task force could also launch “disruptive cyberattacks on hacker gangs” and develop partnerships with businesses that should expedite how quickly federal officials learn about these high-profile hacks and take action.
Under the task force, federal agencies will promote digital resilience, form partnerships with cyber-insurance and critical infrastructure companies, and try to end cryptocurrency-based ransom payments, among other actions, according to the Politico report.
“We’ve got to send a very strong, even disproportionate, message to Russia that we’re not going to tolerate this,” said House Homeland Security ranking member John Katko (R-N.Y.) to Bloomberg last week.
While the task force represents the most forceful U.S. response to cyberattacks, it’s certainly not the first one. The U.S. Cybersecurity and Infrastructure Security Agency released a ransomware guide in September with the Multi-State Information Sharing and Analysis Center (MS-ISAC) that includes industry best practices and a checklist for crafting cyber incident response plans.
CISA also rolled out the Reduce the Risk of Ransomware Campaign in January to “raise awareness and instigate actions to combat this ongoing and evolving threat,” and published a fact sheet dubbed Rising Ransomware Threat to Operational Technology Assets, which provides information on the rising risk of ransomware and recommended actions to reduce the risk.
The agency will launch an interagency website that will help it collect and synthesize information from other federal groups. The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) will host a virtual conference on ransomware next month, and the State Department’s Rewards for Justice effort will offer cash payments for tips that lead to the arrest of ransomware perpetrators.
Meanwhile, a bipartisan group of U.S. senators will soon introduce legislation that requires companies, including critical infrastructure organizations, to report hacks to the government. The House Homeland Security Committee is also working on a similar bill.
“Vladimir Putin understands power, and he understands risk,” said Sen. Angus King (I-Maine), “and he has to understand that this kind of conduct by the Russian state is unacceptable and will entail costs.”
The task force answers the call for federal action from U.S. lawmakers in recent weeks following ransomware attacks on the Colonial Pipeline, a key East Coast fuel supplier, and JBS, one of the country’s largest meat suppliers. IT software vendor Kaseya was also targeted in a ransomware attack this month that impacted hundreds of companies.
Beyond Big Business
High-profile hacks, of course, aren’t just the domain of the business world. CNBC reported last month that cybercriminals have been planting “mining malware” in certain video games to get access to cryptocurrencies.
Once installed, the malware — dubbed “Crackonosh” — uses the computer’s processing power to mine for the digital currency, generating $2 million in Moreno in the last three years. About 220,000 global users have been infected so far, mostly in Brazil, India, the Philippines and the U.S.
Hackers are also increasingly focused on the healthcare space, ValidDatum CEO Daryl Crockett told PYMNTS. She said health records are worth 10 to 100 times more than a credit record, and noted that the stolen patient information can be used to create falsified health IDs.
“Today, a lot of healthcare systems are being attacked by ransomware,” Crockett said, before pointing out that “there’s a massive urgency to get those systems up and running as soon as possible, because patients could literally be dying without access to their information.”
Crockett noted that cyberinsurance policies are becoming less valuable as insurers figure out new ways to avoid paying claims unless the holder proves it did everything possible to put itself in what lawyers would call a “defensible position.”
Large healthcare networks remain the primary target for ransomware hacks, but cybercriminals are increasingly using bots and artificial intelligence (AI) to target large swaths of names and information at small and medium-sized facilities, “knowing they’ll only get some of them,” said Crockett.
Even before the REvil plot against Kasey, Crockett noted that state-sponsored terrorists have been “even more disturbing,” and are becoming increasingly troublesome foes to healthcare data security — especially mercenary cybergroups that gather hackers for a specific mission or campaign, such as attacks on healthcare facilities and hospital networks. “We’re not dealing with the same scenario we were even a year ago,” she said.
According to the Department of Health and Human Services, there were 82 ransomware incidents across the global health sector this year through May 25.