Wednesday, October 13, 2021

Nations reveal ransomware pain at US-led summit

By AFP
Published October 13, 2021

A digital “disaster” in Germany, growing attacks in the United Arab Emirates and even Israel announcing a blitz underway: nations disclosed their struggle Wednesday against cyber-extortionists at a Washington-led anti-ransomware summit.

The United States has convened some 30 countries — with the notable exception of Russia — to boost cooperation in fighting the costly and disruptive attacks that have boomed around the world.

As if on cue, Yigal Unna, director of Israel’s National Cyber Directorate, broke news of the latest incident.

“I can disclose now that Israel is experiencing, as we speak, a major ransomware attack against one of its big hospitals,” Unna said.

If the experiences recounted are any indication, the threat is painful, widespread, and growing.

Germany recalled that this summer, for the first time, a local government in the eastern district of Anhalt-Bitterfeld declared a state of “cyber disaster” after being crippled by a ransomware attack.

The United States has also been hit, especially in the first half of 2021, by numerous ransomware attacks against businesses.

These attacks involve breaking into an entity’s networks to encrypt its data, then demanding a ransom, typically paid in cryptocurrency in exchange for the key to unlock it.

“We talked about… a 70 percent increase year over year in South Korea, 200 percent in the UAE,” said Anne Neuberger, deputy national security adviser for cyber.

Hospitals targeted in Ireland and the Czech Republic as well as severe disruptions to maritime infrastructure in South Africa were among the experiences recounted.

The United Kingdom, Australia, India, Japan, France, Germany, South Korea, the European Union, Israel, Kenya, Mexico, and others joined in the virtual gathering that opened Wednesday and is set to continue Thursday.

– Russia not invited –

“No one country, no one group can solve this problem,” stressed White House National Security Advisor Jake Sullivan.

“Our governments may have different approaches with respect to the tools… to counter ransomware” he said, but “we recognize the urgency of the ransomware threat.”

In particular, he praised the active participation of Australia, Germany, India, and the United Kingdom in the preparations for the meeting.

These countries have organized workshops, which will take place on Wednesday and Thursday, around four themes: building resilience to the extortion attempts, the role of cryptocurrency in laundering ransoms, law enforcement and judicial action as well as diplomacy.

Asked about Russia’s absence, a senior White House official said in a briefing Tuesday, “in this first round of discussions we did not invite the Russians to participate.”

The source said Washington and Moscow had already established a “separate channel” of communication on the subject.

Although Moscow denies any responsibility, most recent ransomware attacks against the United States have been blamed on Russian-speaking hacker groups or those operating from Russian territory.

US President Joe Biden spoke with Russian leader Vladimir Putin in July, telling him to “take action” against ransomware groups operating in Russia.

“We’ve seen some steps by the Russian government and are looking to see follow-up actions,” the White House official said Tuesday.

Russia excluded from 30-country meeting to fight ransomware and cyber crime


Nandita Bose
Reuters Staff
Wednesday, October 13, 2021 

(Soumil Kumar / Pexels.com)

WASHINGTON -- Russia was not invited to attend a 30-country virtual meeting led by the United States that is aimed at combating the growing threat of ransomware and other cyber crime, a senior administration official said.

Many ransomware gangs operate from Ukraine and Russia, private sector cybersecurity experts say.

Some U.S. officials and analysts have said Russian ransomware gangs operate with the Kremlin's tacit approval, but are not directly controlled by the government.

Related Stories
Seven in 10 Canadian organizations facing ransomware attack paid demands: survey

The meeting will be held over two days, involve six sessions and include topics such as addressing the misuse of virtual currency to launder ransom payments, prosecuting ransomware criminals, using diplomacy to counter ransomware, and helping nations become more resilient to such attacks, the administration official said.

Along with the United States, India, Australia, Germany and the United Kingdom will lead discussions on topics such as disruption, virtual currency and diplomacy.

Others joining the meeting include Canada, France, the United Kingdom, Brazil, Mexico, Japan, Ukraine, Ireland, Israel, South Africa, the European Union.

"We are having active discussions with the Russians, but in this particular forum they were not invited to participate," the senior administration official said, adding this does not preclude Russia from participating in future events.

The official said the United States engages directly with Russia on the issue of ransomware under the U.S.-Kremlin Experts Group, which is led by the White House and has been established by President Joe Biden and Russian President Vladimir Putin.

The official said discussions with Russia are ongoing, the U.S. has shared information on specific criminal actors within Russia and that the country has taken initial steps to address the issues being raised.

Addressing the opening session of the meeting on Wednesday, U.S. National Security Advisor Jake Sullivan said the meeting shows governments of participating countries recognize the urgency of the threat of ransomware.

"We view international cooperation as foundational to our collective ability to deal with the ransomware ecosystem, to hold criminals and the states that harbor them accountable, and to reduce the threat to our citizens in each of our countries," he said.

President Joe Biden has elevated the response to cybersercurity to the most senior levels of the administration following a set of attacks this year that threatened to destabilize U.S. energy and food supplies.

Hackers caused fuel disruptions in the eastern United States in May when they targeted a pipeline run by Colonial Pipeline. Sullivan said the U.S. Department of Justice recovered more than US$2 million of ransom paid to criminal actors who attacked the pipeline company.

The Biden administration hopes that their new informal group, which they are calling the Counter-Ransomware Initiative, will bolster their diplomatic push that has included direct talks with Russia as well as the NATO alliance and Group of Seven wealthy nations.

Russia responsible for most devastating ransomware attacks - UK cyber chief


Ransomware attacks pose the most immediate danger to UK businesses, the head of countries' National Cyber Security Centre (NCSC), Lindy Cameron, has warned.

Cybercriminals from Russia and its neighbors are behind the largest extortion attacks aimed at UK businesses, Cameron said. According to NCSC's chief, the assessment comes from NCSC and the National Crime Agency (NCA).

"We – along with the NCA – assess that cybercriminals based in Russia and neighboring countries are responsible for most of the devastating ransomware attacks against UK targets," Cameron said during a speech to the Chatham House think tank.

The Head of NCSC added that cybercriminals are increasingly successful and pose a global challenge for nations in ensuring that no place becomes a safe haven.

"We – along with the NCA – assess that cybercriminals based in Russia and neighboring countries are responsible for most of the devastating ransomware attacks against UK targets."

-Lindy Cameron

"Ransomware presents the most immediate danger to UK businesses and most other organizations, from FTSE 100 companies to schools; from critical national infrastructure to local councils," Cameron said.

Last week, Ukrainian police announced they had arrested a 25-year-old man who hacked more than 100 foreign companies and caused damage worth more than $150 million. According to the authorities, the victims included world-famous energy and tourism companies.

Even though it is not the first time Russia has been mentioned among the top culprits behind the cybercrime epidemic plaguing the world, it is one of the first times the UK explicitly named Russia responsible for successful ransomware attacks.

It's hardly a secret that many prominent cyber cartels often operate from Russian territory. On May 7, the Colonial Pipeline facility in Pelham, Alabama. Its operators were forced to shut down their systems, causing fuel shortages in the American Southeast.

The culprit behind the attack was the Darkside ransomware cartel, known to operate in Russia. Darkside cartel was also behind a recent attack against a US farm service provider New Cooperative Inc. A meat supplier JBS was REvil, the same month.

Last December, against SolarWinds was discovered, with the Russia-linked APT29 cyber espionage group (aka Cozy Bear) named as the perpetrator.

Lindy Cameron NCSC
Image by NCSC.

Year in turmoil

Cyberattacks are increasing in scale, sophistication, and scope. In 2020, ransomware payments reached over $400 million, more than four times the level of 2019. This year will likely set another record benchmark for ransomware cartels globally.

Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

A recent IBM report shows that an average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.

Some ransomware groups went dark for a while, after carrying out major attacks. A cool-off period is likely meant to regroup, and recent developments show that cybercrime cartels are waking up and will likely be on the prowl for the next major extortion scheme.



No comments: