In the months since President Joe Biden warned Russia’s Vladimir Putin that he needed to clamp down on ransomware gangs in his country, there hasn’t been a massive attack like the one last May that led to gasoline shortages.

But that’s small comfort to Ken Trzaska.

Trzaska is president of Lewis & Clark Community College, a small Illinois school that canceled classes for days after a ransomware attack last month that knocked critical computer systems offline.

“That first day,” Trzaska said, “I think all of us were probably up 20-plus hours, just moving through the process, trying to get our arms around what happened.”

Even if the United States isn’t currently enduring large-scale, front-page ransomware attacks on par with ones earlier this year that targeted the global meat supply or kept millions of Americans from filling their gas tanks, the problem hasn’t disappeared. In fact, the attack on Trzaska’s college was part of a barrage of lower-profile episodes that have upended the businesses, governments, schools and hospitals that were hit.

The college’s ordeal reflects the challenges the Biden administration faces in stamping out the threat — and its uneven progress in doing so since ransomware became an urgent national security problem last spring.

U.S. officials have made several arrests, stopped cryptocurrency abuses, and seized ransom money. Spy agencies are launching attacks against ransomware groups, and U.S. officials have pushed for increased protections by federal, state and local governments, as well as private industries.

Yet six months after Biden’s admonitions to Putin, it’s hard to tell whether hackers have eased up because of U.S. pressure. The ransomware criminals operating out of Russia continue with small-scale attacks. Administration officials have given conflicting assessments about whether Russia’s behavior has changed since last summer. The U.S. has removed ransomware from its top priority list for relations with Russia, with Washington focused on dissuading Putin from invading Ukraine.

The White House said it was determined to “fight all ransomware” through its various tools but that the government’s response depends on the severity of the attack.

“There are some that are law enforcement matters and others that are high impact, disruptive ransomware activity posing a direct national security threat that require other measures,” the statement said.

Ransomware attacks — in which hackers lock up victims’ data and demand exorbitant sums to return it — surfaced as a national security emergency for the administration after a May attack on Colonial Pipeline, which supplies nearly half the fuel consumed on the East Coast.

This attack caused the company to stop operations, and gas shortages lasted for several days. It resumed service after paying a ransom of over $4 million. Soon after came an attack on meat processor JBS, in which a ransom payment of $11,000,000 was made.

Biden met with Putin in June in Geneva, where he suggested critical infrastructure sectors should be “off limits” for ransomware and said the U.S. should know in six months to a year “whether we have a cybersecurity arrangement that begins to bring some order.”

He reiterated the message in July, days after a major attack on a software company, Kaseya, that affected many businesses, and said he expects Russia to act on cybercriminals if enough information is available from the U.S.

There have been a few notable attacks by groups believed to be located in Russia since then, including against Sinclair Broadcast Group and the National Rifle Association, but none has had the same impact or consequence as those last summer or spring.

Increased scrutiny by the U.S. government, or fear of it, could be one cause.

September 2009: The Biden administration sanctioned a Russia-based virtual currency exchange. Officials believe that this exchange allowed ransomware gangs to launder funds. The Justice Department has dropped charges against a suspected Ukrainian ransomware user who was detained in Poland last month, and has recovered millions of dollars in ransom payments. Gen. Paul Nakasone, the head of U.S. Cyber Command, told The New York Times that the agency is now conducting offensive operations against ransomware organizations. The White House says that “whole-of-government” effort will continue.

“I think the ransomware folks, the ones conducting them, are stepping back like, ‘Hey, if we do that, that’s going to get the United States government coming after us offensively,’” Kevin Powers, security strategy adviser for cyber risk firm CyberSaint, said of attacks against critical infrastructure.

Two people who are not authorized to talk publicly about the issue say that U.S. officials shared names of some suspected ransomware users with Russian officials.

It’s unclear what Russia will do with those names, though Kremlin spokesman Dmitry Peskov insisted the countries have been having a useful dialogue and said “a working mechanism has been established and is actually functioning.”

It’s also hard to measure the impact of individual arrests on the overall threat. The suspected ransomware hacker is currently being extradited to the U.S. after his arrest in Poland. A second suspect was indicted by federal prosecutors and was later reported by a British tabloid to be in Russia.

Some people are skeptical of attributing the drop in attacks on high profile targets to U.S. efforts.

“It could have just been a fluke,” said Dmitri Alperovitch, former chief technology officer of the cybersecurity firm Crowdstrike. He said asking Russia to crack down on large-scale attacks won’t work because “it’s way too granular of a request to calibrate criminal activity they don’t even fully control.”

American leaders have offered contradictory answers to questions about ransomware trends since Biden’s discussions with Putin. Some FBI and Justice Department officials say they’ve seen no change in Russian behavior. National Cyber Director Chris Inglis said there’s been a discernible decrease in attacks but that it was too soon to say why.

It’s hard to quantify the number of attacks given the lack of baseline information and uneven reporting from victims, though the absence of disruptive incidents is an important marker for a White House trying to focus its attention on the most significant national security risks and catastrophic breaches.

Victims of ransomware attacks in the past few months have included hospitals, small businesses, colleges like Howard University — which briefly took many of its systems offline after discovering a September attack — and Virginia’s legislature.

The attack at Lewis & Clark, in Godfrey, Illinois, was discovered two days before Thanksgiving when the school’s IT director detected suspicious activity and proactively took systems offline, said Trzaska, the president.

Trzaska was not able to identify the perpetrators or reveal the ransom demand from hackers. While attacks often originate from Russia and Eastern Europe, others originate from elsewhere.

With vital education systems affected, including email and the school’s online learning platform, administrators canceled classes for days after the Thanksgiving break and communicated updates to students via social media and through a public alert system.

This month, the college, which was able to restore backups of most of its servers, resumed operation.

Trzaska was able to overcome the ordeal and inspire another college president to create a cybersecurity committee.

“The stock quote from everyone,” Trzaska said, “is not if it’s going to happen but when it’s going to happen.”

Suderman was based in Richmond, Virginia. Report by Dasha Litvinova (Associated Press), Moscow

Source: HuffPost.com.
