After a few months of dramatic escalation, two famous Russian ransomware gangs, REvil and Darkside, went quiet for a few weeks this summer. The lull came as the White House and US law enforcement pledged to combat ransomware and to stand up to a government that seemed to provide a “safe harbor” for the most reckless groups. That calm has officially ended.
REvil and Darkside launched devastating attacks on well-positioned targets in the first half of summer, including the information technology services company Kaseya, the East Coast fuel distribution system Colonial Pipeline, and the global meat supplier JBS, among others. With the impact growing, and with work on the public-private Ransomware Working Group having just begun at the end of April, US law enforcement agencies moved quickly. In June, the FBI tracked and seized more than $4 million worth of cryptocurrency that Colonial Pipeline had paid to Darkside. And The Washington Post reported this week that the FBI obtained the Kaseya ransomware decryption key from the REvil server but did not release it, so that they could operate against the gang’s infrastructure. REvil went offline abruptly, and officials did not act as planned.
Anne Neuberger, the White House deputy national security adviser, even noted in early August that BlackMatter (the clear successor to Darkside, with technical similarities) had promised to avoid critical infrastructure targets in its attacks. She suggested that the Kremlin might heed President Joseph Biden’s requests and warnings regarding ransomware from early summer.
“We have noticed the reduction of ransomware, and we think this is an important step in reducing the risks faced by Americans,” Neuberger added earlier this month. “There may be many reasons, so we have noticed this trend, and we hope this trend will continue.”
That seems unlikely. REvil and other gangs resurfaced after Labor Day weekend. Earlier this week, Russian hackers from BlackMatter launched a ransomware attack, demanding $5.9 million from the Iowa grain cooperative New Cooperative, a key infrastructure target for the US food supply. At the same time, on Monday, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI issued a joint alert stating that, over time, they have observed more than 400 attacks using Conti ransomware, which is distributed by the Russian ransomware-as-a-service group that took part in last year’s rash of hospital attacks.
The US government is advancing its overall ransomware response. On Tuesday, the Treasury Department said it would sanction the cryptocurrency exchange Suex, which is suspected of involvement in money laundering. The Treasury Department also stated that all ransomware victims should contact the department before deciding to pay a ransom, to avoid sanctions violations. This call is in line with the White House’s broader efforts to have victims disclose when they have been attacked by ransomware. The United States does not have a central data set that reflects each attack, and companies generally prefer to keep incidents quiet when possible.
Hackers seem to be ready and willing to adapt to law enforcement in the United States. Some groups have begun proactively warning victims not to disclose attacks to the government, threatening to release stolen documents if the target does report the incident. These groups may simply have used their time underground to formulate strategy, regroup, and reorganize in the aftermath of the high-profile attacks.
Katie Nickels, director of intelligence at security company Red Canary, said: “This is definitely a long game. Once you have a group that says they have left, someone will step in behind them. Even in July and August, the numbers may seem to have declined, but there are still daily attacks and victim data posted on dark websites every day. So the good news is that the US government seems to be taking action and making it a priority; now it is too early to declare victory.”