By CHHS Extern Barbara Key
In the 2023 National Cybersecurity Strategy, the White House stated, “Together with our allies and partners, the U.S. will disrupt and dismantle threat actors by addressing the ransomware threat through a comprehensive Federal approach, in step with our international partners.” To that end, a recent Joint Advisory by the U.S. Cybersecurity and Infrastructure Security Agency and its U.S. and international partners, highlights the threat posed by ransomware threat actors using LockBit – which functions as a Ransomware-as-a-Service model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Although ransomware impacts all sectors, the FBI warned that the federal government is particularly concerned about its impact on government and other critical infrastructure networks because these types of attacks can delay a police or fire department’s response to an emergency or prevent a hospital from accessing lifesaving equipment.
In addition to the impacts of ransomware on government and other critical infrastructure, recently, Verizon released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which highlighted the soaring costs of ransomware with 95% of incidents that experienced a loss costing between $1 and 2.25 million.
Despite these warnings, in late May, Clop – a Russian ransomware gang, executed a sprawling hacking campaign that targeted major U.S. universities and state governments in which they gave victims until 14 June to discuss a ransom before they would start publishing data from companies they claim to have hacked. Furthermore, CNN reported, on 15 June several U.S. federal government agencies were hit in a global cyberattack by the same Russian criminals. While no ransom demands have been made of federal agencies, this hacking campaign, which exfiltrates employee sensitive information, mounts pressure on federal officials who pledged to put a dent in the scourge of ransomware attacks that have crippled schools, hospitals and local governments across the U.S.
With damage related to cybercrime projected to hit $10 trillion annually by 2025, the White House declared, in a 27 June memorandum to the Heads of executive departments and agencies, “Ransomware is a threat to national security, public safety, and economic prosperity.” Further, the Administration re-stated its commitment to mounting disruption campaigns, which use tools of national power to make malicious actors incapable of threatening the U.S. security, safety, and economy, and other efforts that are so targeted that they render ransomware no longer profitable. However, beyond its profitability, according to the Arms Control Association, based on the 2018 Nuclear Posture Review’s claim that an enemy cyberattack on U.S. nuclear command, control, and communications (NC3) facilities would constitute a “non-nuclear strategic attack” of sufficient magnitude to justify the use of nuclear weapons in response, new hybrid ransomware attacks such as RedEnergy – which unveils a powerful blend of stealthy data theft and encryption designed to cause extensive harm and establish complete control over its targets, “could lead to a major conflict and possibly nuclear war.”