After months of dramatic escalation, two prominent Russia-based ransomware gangs, REvil and DarkSide, went quiet for a few weeks this summer. The break came after the White House and U.S. law enforcement agencies pledged to crack down on ransomware and stand up to governments that provide “safe haven” for the seemingly most reckless gangs. That silence has officially ended.
REvil and DarkSide launched devastating attacks in the first half of the summer against, among others, the well-positioned IT services company Kaseya, the Colonial Pipeline fuel distribution system on the East Coast, and JBS, a global meat supplier. U.S. law enforcement agencies began taking action in late April, alongside a public-private ransomware task force. In June, the FBI identified and seized more than $4 million worth of the cryptocurrency that Colonial Pipeline had paid to DarkSide. And The Washington Post reported this week that the FBI seized decryption keys for the Kaseya ransomware from a REvil server, but did not release them so that it could pursue a crackdown on the gang’s infrastructure. REvil suddenly went offline before officials could carry out the plan.
White House deputy national security adviser Anne Neuberger even noted in early August that BlackMatter, an apparent successor to DarkSide with technical similarities, had committed to avoiding important infrastructure targets in its attacks. She suggested that the Kremlin was paying close attention to the requests and warnings President Joseph Biden made about ransomware earlier this summer.
Earlier this month, Neuberger added, “We’ve noticed a reduction in ransomware and we think it’s an important step in reducing the risk to Americans. We hope that trend will continue.”
That seems impossible. REvil and other gangs resurfaced after the Labor Day weekend. Earlier this week, the Russian hackers behind BlackMatter launched a ransomware attack demanding $5.9 million from the Iowa grain co-op New Cooperative, a key infrastructure target in the U.S. food supply. Meanwhile, on Monday, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI issued a joint warning that more than 400 attacks had been carried out using ransomware distributed by a Russia-based ransomware-as-a-service group, a team involved in a hospital attack last year.
The U.S. government is moving forward with its overall ransomware response. On Tuesday, the Treasury Department said it would sanction a Swiss cryptocurrency exchange accused of being involved in laundering ransom payments. The Treasury added that all ransomware victims should contact the department before deciding to pay a ransom, to avoid a sanctions violation. That call is in line with the White House’s broader efforts to get victims to report when they have been hit with ransomware. There is no central dataset in the United States that reflects every attack, and companies often choose to keep incidents quiet whenever possible.
Hackers seem ready and willing to adapt to US enforcement efforts. Some groups have begun warning victims not to involve the government, threatening to release stolen files if targets report the situation. And gangs can simply use their time underground, after high-profile attacks, to strategize and rebuild.
Katie Nickels, director of intelligence at security firm Red Canary, said: “It’s a very long game – as soon as you say a group is gone, there’s someone behind them to get in. And although in July and August it seemed that the numbers could be lower, data on daily attacks and victims was posted on dark web sites every day. So the good news is that the US government is taking action and prioritizing it; it’s too early to declare victory.”