April 9, 2024 at 10:09AM
The US government is offering bounties for information on ransomware gangs, but challenges remain in collecting information due to rigorous conditions and low payouts. Concerns are raised about the effectiveness of a criminal law enforcement approach in addressing ransomware attacks, compounded by the potential involvement of adversarial nations like Russia. The designation of some ransomware attacks as terrorism is proposed, citing instances of attacks targeting critical infrastructure and causing negative patient outcomes. The need for a stronger government response and reclassification of ransomware attacks as terrorist acts to combat the escalating threat is emphasized.
Meeting Notes Takeaways:
1. **US Government Approach to Ransomware:**
– The government has ramped up efforts, offering bounties for information on ransomware gangs. However, the effectiveness of these bounties is limited due to rigorous conditions and low payouts compared to the revenue of ransomware operators.
– The criminal law enforcement approach might not be enough to make a significant dent in ransomware attacks, especially considering the gray area that allows cybercriminal and nation-state operations to overlap.
2. **Ransomware Operators as Nation-State Proxies:**
– There is a significant overlap between cybercriminal activity and nation-state operations. Nations like Russia have been identified as providing safe havens and support for ransomware operations, with the majority of illicit revenue going to Russia-linked attackers.
– Designating some ransomware attacks as terrorism is suggested, given the potential dual nature of these attacks and their impact on critical infrastructure providers, such as healthcare organizations.
3. **Designating Some Ransomware Attacks as Terrorism:**
– Ransomware attacks on critical infrastructure, particularly healthcare organizations, are viewed as a significant national security threat, with reports linking them to negative patient outcomes and potential mortality rates.
– The argument is made to designate some of these attacks as acts of state-supported terrorism, considering their impact on human life and infrastructure, and the potential to intimidate or coerce a civilian population.
4. **The Need for Stronger Government Action:**
– The government response to ransomware attacks targeting critical infrastructure, such as healthcare organizations, is deemed insufficient. Calls for reclassifying these attacks as terrorist acts to leverage new tools and engage in offensive actions deemed appropriate and proportional.
5. **Conclusion:**
– Organizations affected by ransomware attacks lack sufficient protection from the government, and the current approach does not address ransomware as a national security issue. More robust government intervention, beyond guidelines and frameworks, is emphasized to combat ransomware effectively.
These takeaways highlight the complexity of the ransomware threat, the overlap between cybercriminal and nation-state activities, and the calls for a stronger, more proactive government response to address ransomware attacks as a national security issue.