Decoding the government's dire ransomware warnings
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
Despite the government's best efforts, squashing ransomware still remains one of U.S. cyber officials' toughest tasks.
Driving the news: During public appearances at the Aspen Cyber Summit earlier this week, government officials gave a rare glimpse into just how difficult ransomware is to fight.
What they're saying: "We’ve only seen the problem continue to get worse, even with all of the efforts we’ve made," said Paul Abbate, deputy director of the FBI, during the summit.
- "Ransomware continues to happen at unacceptable levels," said Rob Silvers, the Department of Homeland Security's under secretary for strategy, policy and plans, at the event.
- "We see enough attempted intrusion, and successful intrusions, every day that we're not letting our guard down even a little bit," Silvers added.
The big picture: The U.S. government has thrown all of its resources at the ransomware problem since an attack forced the Colonial Pipeline to shut down last year. But that still isn't enough to deter ransomware criminals.
State of play: In recent months, most government officials have either focused their public remarks about ransomware on the work they're doing to fight ransomware or on the success those efforts have had.
- For example, National Security Agency Cybersecurity Director Rob Joyce said in May that ransomware had gone down due to a recent round of sanctions.
- The White House hosted a group of 36 other governments earlier this month to discuss their counter-ransomware efforts. During an hourslong closing session, most government leaders focused on the progress their countries have made, rather than the steep road ahead.
Between the lines: A growing number of high-profile attacks in recent months — including the September attack on the L.A. Unified School District and another attack last month on CommonSpirit Health — are playing into renewed public warnings.
- The Treasury Department also reported earlier this month that suspected payments to ransomware gangs have skyrocketed, totaling a new high close to $1.2 billion in 2021.
Between the lines: Ransomware gangs are constantly reinventing themselves, changing targets and building new tools to better attack victims — creating an ever-moving target for regulators and companies.
- Many ransomware gangs have started putting more of an emphasis on getting victims to pay to prevent data leaks, rather than for encryption keys that will help unlock any files the ransomware seized — changing how companies respond to attacks.
The intrigue: Foreign governments have also started deploying ransomware in their attacks against one another in recent years, underscoring just how pervasive the threat has become.
- Last week, Microsoft attributed a ransomware attack on Ukrainian and Polish transportation and logistics organizations to a Russian state-sponsored group known as Iridium.
- Iran also launched a successful ransomware attack against the Albanian government in July.
Yes, but: The U.S. government has still made tackling the problem a priority, even if it remains an uphill battle.
- During the White House's ransomware summit, each participating government pledged to not harbor ransomware criminals and to dedicate more resources to detecting and responding to the threat.
- Last week, federal investigators announced that they had seized more than $3 billion worth of cryptocurrencies in a case involving a dark web marketplace, underscoring the improvements made to capturing cybercriminals' payments.
What's next: Many of those existing efforts need more resources to build capacity so they can properly tackle ransomware.
- "Scale is really the name of the game at this point," said Megan Stifel, chief strategy officer at the Institute for Security and Technology, during the Aspen event.
Sign up for Axios’ cybersecurity newsletter Codebook here.
