Biden Administration To Convene 30 Countries To Crack Down on Ransomware Threat (cnn.com)
The White House will convene a 30-country meeting this month to try to ramp up global efforts to address the threat of ransomware to economic and national security, President Joe Biden said in a statement shared exclusively with CNN. From a report: "Cyber threats affect the lives and livelihoods of American families and businesses," national security adviser Jake Sullivan said in a statement to CNN. Sullivan said the administration would "continue to build on our whole-of-government effort to deter and disrupt cyberattacks." The goal of the alliance will be "to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically," Biden is set to announce Friday, according to the statement. The announcement follows a series of ransomware attacks on US critical infrastructure firms in recent months, including one that forced major US fuel supplier Colonial Pipeline to shut down for days.
The first meeting of the multilateral initiative will be held virtually. It's part of a recurring effort to cut off revenue for ransomware groups and figure out ways to prosecute them, according to the White House. In bolstering US cybersecurity, "the Federal government needs the partnership of every American and every American company in these efforts," Biden added. Biden in June urged Russian President Vladimir Putin to crack down on cybercriminals operating from Russian soil, but US officials have been skeptical of Moscow's willingness to do so. After a brief period of quiet from some ransomware groups following the Biden-Putin meeting, hackers have claimed multiple US companies as victims in recent weeks.
One idea... (Score:4, Insightful)
Break the corporate veil and make it a personal felony for a company's CEO if any member of the company pays a ransomware ransom.
Re: (Score:2)
Kind of like how cracking down on companies that obey Chinese law is working.
Re:One idea... (Score:4)
Sorry, but that is the view of somebody who watched too many movies.
In reality, everybody pays ransom and the government *does* negotiate with terrorists.
Because the alternative is everybody ripping you a new one if the hostages die and the data is lost.
It might still happen, sure. But you don't wanna be the one they're after.
And I'd bet money you'd be one of those after them, if you'd lose data.
Because that's what you effectively seem to argue: "I'm completely OK with losing all my data."
Professionals usually go a different route: Make sure you catch them when sending them the money.
E.g. by telling the government of the criminal's country, that they have the choice of tracing that money to a person for them, or risk getting their asses handed to them.
For the record: This, right now, ... is the ass handing part. :)
Re: (Score:3)
I think the argument is that attacks are less likely to happen in the first place when the victim has to break the law in order to pay the ransom, because there will be even fewer people willing to do it.
And yes, if one doesn't have a mitigation strategy for recovering their data without paying a ransom, then they damn well *SHOULD* be okay with losing all their data. Anything else is entitlement.
Re: (Score:2)
> if one doesn't have a mitigation strategy for recovering their data without paying a ransom, then they damn well *SHOULD* be okay with losing all their data.
Yeah that should leave them open to a shareholder/customer lawsuit imo. It's just negligence, we've known that you should have backups for over 50 years now.
Re: (Score:3)
Re: One idea... (Score:2)
Catch most of the little fish and the big fish start to get hungry. Seriously, if the incentives to write good ransomware are weakened enough then the brains of the operation will find something else to do; maybe even something useful…
Re: (Score:2)
Upset big corporations? Never.
Re: (Score:1)
that's not the corporate veil, the corporate veil protects investors/shareholders.
Tried that, doesn't work (blaming the victim) (Score:2)
We've tried the concept of saying being the victim of the crime makes you a criminal. The whole "if you get hacked, you committed a crime" thing.
The result of that is that victims keep it quiet.
Keeping it quiet is helpful to criminals, the attackers.
So yeah, that concept doesn't work. I suppose it was worth a try, but it didn't end up working.
More recently we've been going in the opposite direction. Trying to encourage open communication. Requiring disclosure. Shining the light, in other words. That seems t
Re: (Score:1)
The idea is not to "blame the victim". The idea is to escape a prisoner's dilemma by changing the payoff matrix for the people you actually control, thus creating a strong incentive for solidarity.
If there's no cost to you from paying a ransom (other than the ransom itself), then you have reason to pay. But that applies to everybody, so the ransomware operators know there's a very good chance that they will in fact get paid.
However, if nobody is allowed to pay, and that is enforced reasonably effectively,
Blaming the Whistleblower (Score:2, Troll)
The ransomware criminals are actually the whistleblowers on our sloppy security. They should be paid double.
Without them, our security would be even worse than it currently is.
And then watch out if there is ever serious trouble with China over Taiwan. Imagine virtually every IT system compromised. No banks, no power, no water, cars stopped on the roads, dam gates opened. Who needs aircraft carriers?
It should be mandatory to pay ransoms. The more the better. Because CEOs just do a simple calculation,
Re: Tried that, doesn't work (blaming the victim) (Score:1)
As long as your solution doesn't cost more than $400k/y they will be okay with it.
These companies need to follow the law and go bankrupt, that is what capitalism demands, not that your board, like that oil pipe company, with the blessings of the White House and assisted by the FBI pay the ransom to a set of terrorists.
If there is nothing to be paid, the terrorists will stop. If bankruptcy is a threat, then companies will pay attention. But as long as government blesses this sort of crap because the
Re: (Score:2)
Re: (Score:2)
> Break the corporate veil and make it a personal felony for a company's CEO if any member of the company pays a ransomware ransom.
It increases the cost of saving the company from money to money + possible jail time. Still a risk some CEOs will pursue, and weirdly, they may be the more ethical ones.
Plus, organizations are now much less likely to get the authorities involved since there's a risk of criminal liability.
The real way to get rid of ransomware is to get rid of the thing that started it, cryptocurrency.
As long as there's a way to digitally transfer and then easily anonymize an arbitrary amount of money it's going to be very d
Re: (Score:2)
> The real way to get rid of ransomware is to get rid of the thing that started it, cryptocurrency.
Um, cause it wasn't bad security that caused the breaches, am I right?
Re: One idea... (Score:2)
> The real way to get rid of ransomware is to get rid of the thing that started it, cryptocurrency.
> As long as there's a way to digitally transfer and then easily anonymize an arbitrary amount of money it's going to be very difficult to prevent ransomware.
Save your breath.
I've been saying this repeatedly for about 2 years, but the stupids/Russian shills on here conveniently have willful blindness regarding the clear relationship between Ransomware and Cryptocurrency.
If you want to make something illegal, make Cryptocurrency illegal. Ransomware will all but disappear almost overnight.
Try it, world. Prove us wrong.
Re: (Score:2)
Re: (Score:2)
It isn't always about money. Sometimes it is about destruction and disruption, typical for Ukraine to be on the receiving end of this, with many suggesting that Russian agencies were the source.
One thought was that the intention was to break communication then seize land. Money isn't always the motivation.
SELinux seems to be a good solution.
Re: (Score:2)
Doesn't prevent criminals from walking away with a copy of one's data, nor prevent an extortion scheme via DDOS.
Re: (Score:1, Troll)
$350 billion-per-year for a decade is hardly going to break the bank on anything, inflation included. We spent $720 per year on the military and no one questions it and inflation is but a whisper during those budget agreements.
And if you are talking about Saule Omarova I would suggest readers look up what she is actually proposing and the rule changes against the banking industry she supports and could enact (her federal reserve bank accounts plan would require legislation to enact). Someone who the banki
Re: offline pulled backups (Score:1)
Perhaps you should look into the history of Omarova, she was the one that designed the housing crisis by making banks provide loans to lenders that could not afford it.
Now she wants to do it again, not only that, she advocates that if you miss mortgage payments, instead of settling with your bank, the government should claim eminent domain on your property.
Re: (Score:3)
Surprised you didn't say, outlaw cryptocurrency, since without that it would be harder to pay ransoms. People might actually have to use midnight runs, and suitcases full of unmarked bills.
Re: (Score:2)
How would outlawing cryptocurrency actually do anything to them at all? How would you even tell a TOR packet that contains some cryptocurrency transfer from random data?
It would stop NFT scams and the like, sure. And that's already a great thing. But it would not stop or even affect the non-Wall-Street criminals.
Re: (Score:3)
Re: (Score:2)
> How would you even tell a TOR packet that contains some cryptocurrency transfer from random data?
How would "I", or how would an institution that commands resources like this [wikimedia.org] tell the difference, because I can imagine it's magnitudes difference. And that's just the parking lot.
Re: (Score:2)
Outlawing the purchase or sale of cryptocurrency would end ransomware, because the other payment methods have proven impractical. Ransomware works only when the target can buy cryptocurrency. Otherwise it might as well be some old-school wiper malware.
Re: (Score:3)
Exactly, if one could not convert crypto into fiat currency or vice versa would anyone value it nearly as much as they do? Would vendors even accept it for transactions if they could only then use it for other sales with crypto? Without fiat currency in the mix there is no economy for crypto currently.
Re: Where this leads (Score:1)
Paying the ransom is already illegal, why do you think banning crypto would suddenly make them think twice?
Ransomware is a simple business calculation, the chance of getting hit * sum of payment = remedy. And while the cost of the remedy is well known, the sum of payment is a negotiation with an upper limit the other party already knows and will thus tune to remain below the cost of the remedy.
It is a protection racket, and as long as government treats the businesses as victims instead of complicit in RICO
Re: (Score:2)
> Paying the ransom is already illegal, why do you think banning crypto would suddenly make them think twice?
Because it won't be up to the victim companies any more, this would be outlawing the means any company would need to be able to pay the ransom at all. Without cryptocurrencies, moving money internationally in untraceable ways becomes massively more difficult. We know from history that under these conditions, ransomware cannot work.
Re: (Score:1)
Ransomware existed before crypto became a big thing. Sure it made it easier, but in prior years it was just being washed through a list of other compromised businesses and mules before exiting abroad.
Re: (Score:2)
> Ransomware existed before crypto became a big thing.
From what I can find, before cryptocurrency, it was only once tried by a madman who requested payment by cash through the mail, and he was immediately traced through the mailing location and arrested. Do you have any information on any other pre-cryptocurrency ransomware attempts?
Re: (Score:1)
Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive are the older ones (besides the AIDS virus you mention)
CryptoWall was really the big turning point for ransomware. Initially it did not accept BitCoin, later versions did, instead they wanted direct money transfer (MoneyPak, Paysafecard, UKash) or pre-paid gift cards.
Pre-paid gift cards is still a pretty big option, typically if they infect a personal computer, the victim is then told to go to the corner store and buy like $100 worth of gift
Re: (Score:2)
Interesting, I didn't realize there were over a half-dozen. Still, pre-cryptocurrency ransomware was extremely rare and a tiny cottage industry compared to the booming, partially state-backed 9-digit ransomware industry of the cryptocurrency era. Returning it to a footnote fit for the malware curio cabinet would be practically just as good as eliminating it completely.
Also note that 2 of those pre-CC ransomwares used e-gold or Liberty Reserve, which were shut down by the US government, just as all cryptocur
Re: (Score:2)
Cryptocurrency, which was specifically designed for money laundering, is helping make the payments more difficult to track both ends of the transactions.
Re: (Score:2)
What if bad people just start doing it for the lulz?
30 Countries? (Score:5, Insightful)
You only need one country - Russia.
Unless Russia is on board, you could have 100 countries show up and whine about not being able to do shit, and it would amount to the same useless press event. You need to take away the protection that these ransomware asshats enjoy, and only then will you be able to do something about it.
Russia is helping us against China (Score:1)
Without the Russian hackers our software would have even more sloppy security than it does now.
When China attacks Taiwan, we would be toast. At least there is now some vague attempt to plug the biggest holes.
Re:30 Countries? (Score:4, Insightful)
Ukraine is another that's going to be key, for all the same reasons. Ransomware gangs are overwhelmingly Russian linguistically, but a good portion of them comes out of Ukraine.
Re: (Score:2)
Re: (Score:2)
Stop putting words into my mouth. When did I say that Russia is some super villain? I said they are offering safe harbor to ransomware asshats through ambivalence, as long as they don't hit Russian interests. Elsewhere, someone also listed Ukraine, which is 100% true. Were they calling Ukraine a "super villain" as well for the same reason?
You are making the same victim-blaming argument as someone who leaves their keys in the car, and the car gets stolen. Did they make it easier? Sure. But it's still
It's not just "ransomware" (Score:3)
Ever since last week there have been coordinated DDoS attacks going on against large VoIP service providers. Starting with VoIP.MS and then Bandwidth.Com. The bad actors basically slam the provider's network with upwards of 130 Gbps of traffic, send along ransom requests to stop the attacks, then lather rinse and repeat --> https://www.bleepingcomputer.c... [bleepingcomputer.com]. Seeing how a lot of large companies use these SIP providers --- from Microsoft to Google --- this is a big deal too.
the war on drugs (Score:3)
Great, so now in addition to the unwinnable and ever-more-expensive war on drugs, we'll have an unwinnable and ever-more-expensive war on ransomware.
Re: (Score:2)
Oh I don't know. If we digitally blockaded Russia and China in a similar manner to Cuba, problem will be solved in no time.
Re: (Score:2)
stop NSA/CIA hoarding vulns don't you mean?
Ransomware using vulns NSA/CIA weaponised. (Score:2, Informative)
I'd prefer if Biden ensured the NSA/CIA disclosed vulnerabilities and did not try to create backdoors that are being used for Ransomware attacks.
This is like the farmer going out and whipping the fields because the horses got out of the stable he left open.
30 countries? Dumbass, you're President now. (Score:2)
Take action to shore up our defenses (not some worthless interagency group), hit Russia and China back when they hit us, and show the rest of the world how it's done.
Shouldn't He Be Convening With Microsoft (Score:2)
And asking them why ransomware is an almost exclusively Windows issue?
I mean, is not the elephant in the room the ease with which the dominant desktop OS is used as platform for such attacks?
That would be the most obvious place to fight it, IMHO.
Re: (Score:3)
Re: (Score:2)
> And asking them why ransomware is an almost exclusively Windows issue?
Go take a look.
VMWare has had a number of vulnerabilities they've had to plug over the past year; hackers were ransoming entire VMs. QNAP had a handful, too. Admittedly, some were as low-tech as putting everything in password protected 7-zip files, but ransomware it is, just the same.
On the topic of points-of-entry, a number of VPN vendors have had some patches rushed out the door of late; Cisco and Sonicwall readily come to mind.
I'll be more than happy to agree that Windows has its disproportionately high
Why not tax ransomware payments? (Score:2)
Come on, man! (Score:2)
Cornpop was a bad dude.
All Hail Biden (Score:2)
All Hail Biden, the great convener. One day, maybe he won't screw something up. Still waiting for that day.