Ransomware attacks are on the rise around the world. From the Colonial Pipeline to JBS - the effects are currently particularly noticeable in the USA and brought fuel and meat deliveries to a standstill for almost a week. Now the US government has made ransomware a top priority.
At the same time, however, the US government has taken important, unprecedented countermeasures in response to these attacks. For example, the groups behind the attacks were quickly identified and exposed. REvil / Sodinokibi was identified as the mastermind behind the attack on JBS and Darkside for the attacks on Colonial Pipeline.
US authorities are bringing back ransom
In addition, the US authorities were able to recover $ 2,7 million of the ransom money paid by Colonial Pipeline totaling $ 4,4 million. In addition, new cybersecurity requirements for the pipeline industry were promptly approved. In addition, the US Department of Justice asked attorneys general across the country to prioritize ransomware attacks on the same level as terrorism cases. The government also announced that it would address the issue at every meeting with partners on President Joe Biden's planned first international trip.
Ransomware attacks have the same priority as terrorism
In addition, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published a memo in which she calls on companies to take the threat of ransomware seriously and specifies concrete measures how they can protect themselves against it. In his latest blog post, Christopher Budd, Avast's Global Senior Threat Communications Manager, explains what happened last month and why the ransomware industry may change fundamentally as a result of the response from the US government.
The measures are already having an impact on ransomware operators and can usher in a positive, new phase in the fight against blackmail software. The exact effects include:
- Both the Darkside and REvil / Sodinokibi ransomware groups have made unprecedented statements attempting to distance themselves from the effects of the Colonial Pipeline and JBS attacks, respectively.
- The Darkside group has lost control of its infrastructure and payment systems, which is effectively driving them out of business.
- XSS and Exploit, two large underground forums that host ransomware ads, are now banning them. This will make it more difficult for ransomware manufacturers to sell their malicious goods and services in the future.
- Some of Darkside's partners have even taken the case to the “hacking court” to try to recover Darkside's lost funds.
While it is too early to say whether the measures will have lasting effects, they show promise.
More at Avast.com
About Avast Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC or Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.