
US FBI Sees 'No Indication' Russia is Working to Stop Ransomware Attacks

07:10 15 September 2021 Source: newsweek.com

Opinion: Ransomware attacks are about to get worse. But there are ways to stop them

Ransomware extortions have become a self-sustaining ecosystem of criminality. It is a thriving business because most victims are willing to pay relatively modest ransoms, which then fund further attacks. Paying a ransom may incentivize bad behavior, but a victimized company usually (and understandably) just wants its data back as quickly as possible. Hackers are most often after money, but attacks can also destabilize the US economy, whether intentional or not.

The Biden administration has asked Moscow for help in stopping hackers from carrying out ransomware attacks from inside Russia but has not gotten any assistance, according to an FBI official. “There is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment there,” FBI Deputy Director Paul Abbate says at an intelligence conference. NOTE: The assessment comes after President Joe Biden recently brought the matter up in a meeting with Russian President Vladimir Putin.

Both the ransomware attack on Colonial Pipeline, which triggered gas shortages along the eastern US in May, and the ransomware assault on JBS have been attributed to groups affiliated with Russia. In a statement Wednesday, the FBI attributed the attack "to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable." Blinken arrived in the Costa Rican capital of San Jose Tuesday for meetings with counterparts from Central America and Mexico.

The deputy director of the FBI told the Associated Press in a Tuesday interview that "there is no indication" that Russia has made a meaningful effort to crack down on ransomware attacks.

FILE - In this April 14, 2021, file photo National Security Agency (NSA) Director Gen. Paul Nakasone testifies during a Senate Select Committee on Intelligence hearing about worldwide threats, on Capitol Hill in Washington. Nakasone who leads U.S. efforts to thwart and punish foreign-based cyberattacks says he’s mounting a new “surge” to fight incursions that have at times debilitated government agencies and companies responsible for critical infrastructure. In an interview, Nakasone broadly described “an intense focus” by government specialists to better find and share information about cyberattacks and “impose costs when necessary.” © Saul Loeb/Pool/AP, File

At the Intelligence & National Security Summit, Deputy Director Paul Abbate and General Paul Nakasone, the head of U.S. efforts against cyberattacks, detailed a "surge" to fight attacks that have crippled government agencies and companies responsible for critical infrastructure.

Ransomware group that carried out major attacks reappears after brief absence

A Russian-speaking cybercriminal group responsible for a series of ransomware attacks on major US firms brought some of its infrastructure back online this week in a sign that it could be back in business, according to cybersecurity experts. Payment portals and a victim-shaming website used by the so-called REvil group had been quiet since the hackers claimed responsibility for a July ransomware attack on IT provider Kaseya that affected an estimated 1,500 businesses around the world.

Ransomware attack nothing to do with Russia - Putin. Health chiefs blocked external communication to servers until Wednesday to stop the spread of the “ransomware” virus as He said: “Although we have never seen anything on this scale when it comes to ransomware attacks Smith said the “ransomware” attacks had used data stolen from the NSA earlier this year, which contained

US President Joe Biden recently vowed to review the threat posed by ransomware attacks after the US subsidiary of Brazilian meat processor JBS and the Colonial Pipeline, the nation's largest fuel provider, were targeted by hackers.

Nakasone said there is "an intense focus" by officials to find and share information about the attacks and "impose costs when necessary." Costs include linking enemies to these attacks and uncovering how they were executed, he said.

For more reporting from the Associated Press, see below.

Abbate, Nakasone and other U.S. government officials spoke Tuesday

"Even six months ago, we probably would have said, 'Ransomware, that's criminal activity,'" Nakasone said. "But if it has an impact on a nation, like we've seen, then it becomes a national security issue. If it's a national security issue, then certainly we're going to surge toward it."

A devastating wave of cyberattacks has compromised sensitive government records and at times led to the shutdown of the operations of energy companies, hospitals and schools. The SolarWinds espionage campaign exposed the emails of 80 percent of the email accounts used by the U.S. attorneys' offices in New York and several other departments. A separate hack of Microsoft email server software affected potentially tens of thousands.


The ransomware attack on the Colonial Pipeline Company last month, followed by the weekend attack on JBS USA, a major meat producer, highlight how these incidents can disrupt the companies themselves and critical industries throughout the United States. The FBI confirmed Thursday they are attributing the JBS cyberattack to REvil and Sodinokibi ransomware and praised the company for quickly responding to the hack. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable," the FBI said in a statement.

The FBI issued an alert about the Hive ransomware after the organization got rid of Memorial Health System last week. The alert explains that Hive is a ransomware operated through affiliates, which was first noticed in June, which implements “various mechanisms to compromise corporate networks, adding phishing emails with malicious attachments and Remote Desktop Protocol CEO Scott Cantley said in a statement that staff at three hospitals — Marietta Memorial, Selby and Sistersville General Hospital — were forced to use paper records and, at the same time, their IT groups worked to repair their systems.

Nakasone jointly leads the National Security Agency, the chief intelligence agency tracking foreign communications, and U.S. Cyber Command, the Pentagon's force for offensive attacks. While the two organizations work mostly in secret, they have been part of a Biden administration effort to publicly identify the people and countries behind attacks. The White House has linked the SolarWinds breach to Russian intelligence and the Microsoft hack to China.

President Joe Biden directly pressed Russian President Vladimir Putin in July to take action against cyber attackers, telling reporters, "We expect them to act if we give them enough information to act on who that is."

Nakasone also oversees efforts to track and stop foreign efforts to influence U.S. elections. He disclosed earlier this year that U.S. Cyber Command conducted more than two dozen operations intended to thwart interference in last year's presidential election.

Overnight Hillicon Valley — Ex-US intel operatives pay to settle hacking charges

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. Three former U.S. intelligence and military personnel members settled with the Justice Department by agreeing to a massive sum due to allegations that they worked as mercenary hackers for the government of the United Arab Emirates. Meanwhile, a top official at

The FBI described the incident succinctly: a "supply chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple MSPs and their customers." Huntress (1,2) has tracked 30 MSPs involved in the breach and believes with "high confidence" that the attack was triggered via "This is one of the farthest-reaching criminal ransomware attacks that Sophos has ever seen," commented Ross McKerchar, Sophos VP. "At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organizations.

How Does Ransomware Work? Ransomware begins with malicious software being downloaded onto an endpoint device, like a desktop computer, laptop or smartphone. This usually happens because of user error and ignorance of security risks. If a ransomware attack succeeds and your data is compromised, the best way to protect your organization is to be able to restore the data you need quickly and minimize the downtime. The best way to protect data is to ensure that it is backed up in multiple places, including in your main storage area, on local disks, and in a cloud continuity service.

Biden said in July that Russia had already begun efforts to spread misinformation regarding the 2022 midterm elections, calling them a "pure violation of our sovereignty." Nakasone declined to detail allegations against Russia, saying intelligence agencies were "generating insights which will move to sharing information in the not too distant future."

U.S. agencies are not aware of any specific threats related to Tuesday's California gubernatorial recall election, Nakasone said.


Hackers are leaking children’s data — and there’s little parents can do.
Most don’t have bank passwords. Few have credit scores yet. And still, parts of the internet are awash in the personal information of millions of schoolchildren. The ongoing wave of ransomware attacks has cost companies and institutions billions of dollars and exposed personal information about everyone from hospital patients to police officers. It’s also swept up school districts, meaning files from thousands of schools are currently visible on those hackers’ sites.
