[TheRecord] U.S. Cyber Czar: Too soon to tell if Russia ransomware has stopped

A top U.S. cybersecurity official said on Thursday that it was too soon to tell whether Russian ransomware gangs have let up their assault on U.S. targets.

“We have… seen that those attacks have fallen off. We’ve seen that those kinds of syndicates had, to some degree, deconstructed,” National Cyber Director Chris Inglis said during a panel discussion at the Ronald Reagan Institute in Washington, DC. “But I think it’s a fair bet that they have self-deconstructed, essentially gone cold and quiet, to see whether the storm will blow over and whether they can then come back.”

“I think it’s too soon to say that we’re out of the woods,” he added.

Inglis’ comments come days after the notorious digital group called “REvil” — which is widely believed to operate out of Russia and was responsible for the ransomware attack on meat processor JBS — reappeared online, months after it launched an attack against software company Kaseya that affected thousands of businesses worldwide.

The website, called the Happy Blog, was one of the many servers that REvil members utilized, but it shut down on July 13. Many interpreted the move to mean the group had broken up or might be readying to unveil a new ransomware operation under a different moniker to confuse U.S. and international law enforcement.

In June, President Joe Biden presented Russian President Vladimir Putin with a list of critical infrastructure and said such entities were “off-limits” to cyberattacks. He publicly vowed that if they were struck by Russian-based cybercriminals, the U.S. would respond.

Inglis said Biden was “crystal clear” with Putin that Washington would hold the Kremlin “accountable, not simply for what the government does directly, but for a permissive attitude that allows actors within their spaces to hold this nation at risk and its critical infrastructure at risk.”

Biden pressed his Russian counterpart to “essentially clean up the mess on his aisle nine. It remains to be seen whether they will.” 

Deputy national security adviser Anne Neuberger made similar remarks last week during a White House press briefing where she stressed that Biden is “looking for action, with regard to addressing cyber activity, and we continue to look for that.”

Inglis cautioned that in cyber deterrence — against foreign election interference or ransomware — “you’re not going to simply shoot your way out of it. You’re not going to simply try to find a cyber bullet and shoot down the other side that is aiming their cyber gun at you.”

He added that successful deterrence involves a combination of steps, including increased resilience at home and consequences against online hacks.

“There’s all sorts of ways that we can concurrently apply pressure to make their life more difficult, make it such that even if they still aspire to do that work, they’ll fail in the bargain,” according to Inglis. 

The post U.S. Cyber Czar: Too soon to tell if Russia ransomware has stopped appeared first on The Record by Recorded Future.
