Politics: The ransomware unicorn

When the final numbers are tallied for 2021, ransomware will pass a grim milestone: Reported payments to ransomware groups last year will top $1 billion, making ransomware the most unwelcome unicorn enterprise. This exponential growth is explained in part by the rise of ransomware groups operating like enterprises - offering ransomware-as-a-service, a business model through which ransomware groups lease their malware to affiliated groups for a fee or a share of the profits.

The nature of the threat - as an enterprise rather than an ideology - presents an opportunity. Ransomware groups by and large have shown themselves to be rational actors that engage in cost-benefit calculus, affording the government and private sector levers to change their behavior. If 2022 is to mark an inflection point in the fight against ransomware, we must do more to change the incentives.

First, the U.S. government needs to enforce the red lines it has drawn to protect critical infrastructure. The Biden administration made it clear which targets raise heightened levels of concern when it provided Russian President Vladimir Putin with a list of 16 areas of critical infrastructure that it considers off-limits, including the energy, health care and agriculture sectors.

The only way to obtain compliance with those lines is to raise the costs of crossing them. That includes criminal charges, disruptive cyber operations, payment seizures and arrests of individuals connected to such actions. Earlier this year we saw this kind of decisive action to shutter the REvil ransomware group that was responsible for the Colonial Pipeline attack, among others.

Second, ransomware groups must be denied safe havens. They largely operate out of jurisdictions - in particular Russia - where governments tolerate their activities to the point of complicity. The inaction of those foreign governments means would-be hackers face little risk for perpetrating the next attack. To achieve lasting results, costs must be imposed not just on the individual actors, but also on the governments that fail to hold them accountable.


Although President Biden raised the issue of ransomware in his bilateral meeting with Putin, the United States has not imposed any significant direct costs on Russia or other governments for failing to take action to stem ransomware attacks originating from their jurisdictions. The U.S. foreign policy establishment is appropriately focused on the Ukraine crisis as we start the year, but we should not let that single issue occupy the field when it comes to our foreign policy toward Russia.

The United States should signal foreign policy action connected directly to the issue of ransomware. For example, the U.S. government could expand existing sanctions to prohibit U.S. institutions from participating in the secondary market for Russian sovereign bonds, which would deny the Russian government access to capital and would depreciate the value of its bonds. In the alternative, the U.S. government could sanction a Russian financial institution or defense sector company, which would more directly impact the interests of Russian decisionmakers. Critically, the U.S. government should communicate to Russia the measurable conditions that would result in the removal of the sanctions.

Third, we can lean on the insurance industry to alter the circumstances and dynamics that have resulted in so many victims paying ransoms to recover their data. Too often, insurance has been seen as part of the problem, with some suggesting that cyber insurance coverage for ransoms should be prohibited because it fuels the rise in ransoms.

But the insurance industry plays an important role in incentivizing better cybersecurity practices that make the private sector less susceptible to attack. As any company that has recently searched for cyber insurance can attest, insurers' requirements for obtaining cyber insurance have become more exacting. These underwriting requirements - which often look at whether companies employ cybersecurity best practices like multifactor authentication, endpoint detection tools and encryption of sensitive data - are an opportunity to incentivize private sector practices that will collectively reduce the prevalence of attack.

Thus, rather than banning cyber insurance, which would unreasonably force victim companies to bear the entire cost of recovery, the U.S. government could work with insurance carriers to ensure that underwriting requirements are making the private sector more resilient to ransomware attacks, and that insurance policies provide incentives to companies to recover from incidents by means other than paying a ransom.

The actions we propose would be significant - and they require careful deliberation - but to make inroads on the threat of ransomware, we need to start treating ransomware like the billion-dollar problem it is.

Alex Iftimie (@aiftimie) and Brandon Van Grack (@BVanGrack) are former senior national security officials at the U.S. Department of Justice.
