[TheRecord] U.S. Cyber Czar: Too soon to tell if Russia ransomware has stopped

A top U.S. cybersecurity official said on Thursday that it was too soon to tell whether Russian ransomware gangs have let up their assault on U.S. targets.

“We have… seen that those attacks have fallen off. We’ve seen that those kinds of syndicates had, to some degree, deconstructed,” National Cyber Director Chris Inglis said during a panel discussion at the Ronald Reagan Institute in Washington, DC. “But I think it’s a fair bet that they have self-deconstructed, essentially gone cold and quiet, to see whether the storm will blow over and whether they can then come back.”

“I think it’s too soon to say that we’re out of the woods,” he added.

Inglis’ comments come days after the notorious digital group called “REvil” — which is widely believed to operate out of Russia and was responsible for the ransomware attack on meat processor JBS — reappeared online, months after it launched an attack against software company Kaseya that affected thousands of businesses worldwide.

The website, called the Happy Blog, was one of the many servers that REvil members utilized but it shut down on July 13. Many interpreted the move to mean the group had broken up or might be readying to unveil a new ransomware operation under a different moniker to confuse U.S. and international law enforcement.

In June, President Joe Biden presented Russian President Vladimir Putin with a list of critical infrastructure and said such entities were “off-limits” to cyberattacks. He publicly vowed that if they were struck by Russian-based cybercriminals, the U.S. would respond.

Inglis said Biden was “crystal clear” with Putin that Washington would hold the Kremlin “accountable, not simply for what the government does directly, but for a permissive attitude that allows actors within their spaces to hold this nation at risk and its critical infrastructure at risk.”

Biden pressed his Russian counterpart to “essentially clean up the mess on his aisle nine. It remains to be seen whether they will.” 

Deputy national security adviser Anne Neuberger made similar remarks last week during a White House press briefing where she stressed that Biden is “looking for action, with regard to addressing cyber activity, and we continue to look for that.”

Inglis cautioned that in cyber deterrence — against foreign election interference or ransomware — “you’re not going to simply shoot your way out of it. You’re not going to simply try to find a cyber bullet and shoot down the other side that is aiming their cyber gun at you.”

He added that successful deterrence involves a combination of steps, including increased resilience at home and consequences against online hacks.

“There’s all sorts of ways that we can concurrently apply pressure to make their life more difficult, make it such that even if they still aspire to do that work, they’ll fail in the bargain,” according to Inglis. 

The post U.S. Cyber Czar: Too soon to tell if Russia ransomware has stopped appeared first on The Record by Recorded Future.
