Government officials and cybersecurity experts are increasingly viewing ransomware as a serious threat to national security, with some proposing that the federal government go after ransomware gangs with the same tools used to prosecute drug cartels and other criminal organizations.
Escalating attacks on governments, school districts and healthcare organizations during the coronavirus pandemic demonstrate ransomware’s danger, said Philip Reiner, chief executive of the Institute for Security and Technology, a cybersecurity nonprofit.
The malware, which hackers use to lock up computer systems and then demand ransom payments, started as a low-level economic nuisance. Gangs now resemble major criminal organizations that extort billions of dollars from the public and private sectors and put lives at risk. Targeted attacks against critical infrastructure also show the severity of the danger, Mr. Reiner said.
The damage ransomware inflicts can extend far beyond the ransom. An attack on the University of Vermont Medical Center last October, for instance, cost the hospital around $1.5 million for each day its systems were down, its CEO told reporters at the time.
“It’s risen to the level of a national security threat. And when that is understood and accepted, that means you can shift priorities, for instance, within the intelligence community or within law enforcement,” said Mr. Reiner, who was a senior official on the National Security Council from 2011 to 2015.
Megan Stifel, who served as the director of international cyber policy on the NSC from 2013 to 2014, said further action is needed across diplomatic and legal channels as well as the private sector to curtail the threat from ransomware.
“In some cases, that may be practical tools, but in others, it is going to require policy adjustment,” she said.
Ms. Stifel, the Americas executive director for the cybersecurity nonprofit Global Cyber Alliance, co-chaired a working group along with Mr. Reiner and others that published a report Thursday outlining changes to effectively combat ransomware.
The working group comprised dozens of technology companies, including
While it wasn’t an official government working group, it included representatives from the Department of Homeland Security, the Federal Bureau of Investigation, the U.S. Secret Service and law-enforcement agencies in the U.K. and Canada.
The U.S. government in recent weeks has made clear its intention to aggressively pursue ransomware gangs. Homeland Security Secretary
described ransomware as a threat to national security in a speech on March 31.
“Those behind these malicious activities should be held accountable for their actions. That includes governments that do not use the full extent of their authority to stop the culprits,” he said.
The Wall Street Journal reported in April that the Justice Department has formed a task force dedicated to ransomware, which will examine links between cybercriminals and nation-states, among other areas.
Some recommendations in the working group’s report advocate treating ransomware gangs like major criminal organizations. The group suggests expanding the Racketeer Influenced and Corrupt Organizations Act to target ransomware gangs, and using State Department powers, such as denying visas, as tools to apply pressure on other governments.
The group also recommends tighter regulation of cryptocurrency markets, which are often used to facilitate ransom payments.
“Business as usual is not going to work,” said Michael Daniel, a co-chair of the working group and CEO of the Cyber Threat Alliance, an intelligence-sharing nonprofit. “We really need to think about how we can do this differently and what we can change that would actually affect the ransomware ecosystem,” said Mr. Daniel, who was a White House cybersecurity official in the Obama administration.
Part of the difficulty in tackling ransomware is that the gangs are often located in jurisdictions that don’t have extradition agreements with the U.S., Mr. Reiner said. They might have backing from governments, meaning diplomatic-level efforts often have to be pursued in tandem with other legal and economic actions, he said.
“You go after their infrastructure, you go after their funding. You go after the things that they’re actually relying on that allow them to behave in this way,” he said.
Jon DiMaggio, chief security strategist at cybersecurity firm Analyst Platform LLC, who has studied the cartel-like structure of prominent ransomware gangs, said the scale of their operations and their potential impact mean that using strong legal tools is necessary.
“If we’re talking about using the RICO Act and those resources, we only do that when we really start to take this seriously. And I think we’re there,” he said.
Write to James Rundle at firstname.lastname@example.org
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.