
Ransomware festers as a top security challenge, US intel leaders say

Published March 13, 2024
Matt Kapko, Senior Reporter

First published on Cybersecurity Dive

Ransomware remains a persistent threat, despite law enforcement actions aimed at disrupting the infrastructure threat actors rely on to conduct their attacks, according to the Office of the Director of National Intelligence’s latest annual threat assessment.

“Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services and exposing sensitive data,” said the report, which was publicly released Monday. “Important U.S. services and critical infrastructure such as healthcare, schools and manufacturing continue to experience ransomware attacks.”

National intelligence leaders warned that the ransomware problem is worsening and is growing more difficult to combat.

Leaders of the U.S. government’s intelligence agencies, including the CIA, FBI, National Security Agency, Department of State, Defense Intelligence Agency and ODNI, testified Monday in a hearing with the U.S. Senate Select Committee on Intelligence, in tandem with the report’s release.

Threat actors are capitalizing on decentralized and inexpensive infrastructure, which allows for specialized ransomware activity to proliferate in an anonymous manner, the report said. “This interconnected system has improved the efficiency and sophistication of ransomware attacks while also lowering the technical bar for entry for new actors.”

Federal authorities acknowledged the constraints or limited capabilities that prevent more long-lasting impacts from law enforcement action against ransomware operators.

While some global criminal syndicates temporarily cease operations following law enforcement actions, ransomware operators and their affiliates often find ways to rebrand and renew their activities, authorities said in the report.

AlphV’s involvement in a highly damaging ransomware attack against Change Healthcare is a particularly sour development after a global law enforcement action in December shut down the infrastructure of the ransomware group, also known as BlackCat. AlphV emerged within hours of the takedown and remains active.

LockBit, another ransomware-as-a-service group that reestablished operations within days of a global law enforcement effort that dismantled the group’s infrastructure, remains the most prolific criminal group in the field.

“Absent cooperative law enforcement from Russia or other countries that provide cyber criminals a safe haven or permissive environment, mitigation efforts will remain limited,” the report said.
