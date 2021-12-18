



Ken Trzaska, president of Lewis & Clark Community College, poses for a photo on December 15, 2021, on the school's campus in Godfrey, Illinois. The small Illinois school canceled classes for a few days after taking critical computer systems offline in a ransomware attack last month. Credit: AP Photo / Jeff Roberson

In the months since President Joe Biden warned Russia’s Vladimir Putin that he needed to crack down on ransomware gangs in his country, there hasn’t been a major attack like the one last May that caused gasoline shortages. But that’s small comfort for Ken Trzaska.

Trzaska, president of Lewis & Clark Community College, a small school in Illinois, canceled classes last month for several days after a ransomware attack that took critical computer systems offline.

“On that first day, I think we were all probably more than 20 hours old and we just went through the process and tried to figure out what happened,” Trzaska said.

Even if the United States is not currently enduring large-scale, front-page ransomware attacks like the ones earlier this year that targeted the world’s meat supply or prevented millions of Americans from filling their gas tanks, the problem has not been resolved. In fact, the attack on Trzaska’s college was part of a barrage of lower-profile episodes that have disrupted the businesses, governments, schools, and hospitals that were hit.

The college’s ordeal reflects the challenges the Biden administration faces, and its uneven progress, in eradicating the threat since ransomware became an urgent national security issue last spring.

U.S. officials have recovered ransom payments, cracked down on cryptocurrency abuse, and made arrests. Spy agencies have launched attacks against ransomware groups, and the United States has urged federal, state, and local governments, as well as private companies, to strengthen their protections.

But six months after Biden’s warning to Putin, it’s hard to tell whether hackers have eased up because of U.S. pressure. Smaller-scale attacks continue, and ransomware criminals continue to operate from Russia with seeming impunity. Government officials have given conflicting assessments of whether Russia’s behavior has changed since last summer. Complicating matters further, ransomware is no longer the top priority between the U.S. and Russia, with Washington focused on discouraging Putin from invading Ukraine.

The White House said it is determined to “fight all ransomware” through its various tools, but that the government’s response depends on the severity of the attack.

“Some are law enforcement issues, while others pose a direct national security threat to high-impact and destructive ransomware activities, and others need to be addressed,” the White House statement said.

Ransomware attacks, in which hackers lock victims’ data and demand exorbitant sums to return it, emerged as a national security emergency for the government after a May attack on Colonial Pipeline, which supplies nearly half of the fuel consumed on the East Coast.

The attack shut down the company’s operations and caused gas shortages for several days; the company resumed service after paying more than $4 million in ransom. Shortly thereafter came an attack on the meat processor JBS, which paid a ransom of $11 million.

Biden met with Putin in Geneva in June, where he suggested that critical infrastructure sectors should be “off-limits” for ransomware and said the United States would know within six months to a year whether there is an agreement that will “begin to bring some order.”

He repeated the message in July, a few days after a major attack on the software company Kaseya that affected hundreds of companies, and said he hoped Russia would take action against cybercriminals when the United States provided enough information to do so.

Since then, there have been some notable attacks from groups that appear to be based in Russia, including against the Sinclair Broadcast Group and the National Rifle Association, but none with the same consequences or impact as those of last spring or summer.

One reason could be increased surveillance by the US government, or fear of it.

In September, the Biden administration sanctioned a Russia-based crypto exchange that authorities say helped ransomware gangs launder money. Last month, the Justice Department unsealed charges against a suspected Ukrainian ransomware operator arrested in Poland and recovered millions of dollars in ransom payments. Gen. Paul Nakasone, head of U.S. Cyber Command, told The New York Times that his agency had launched offensive operations against ransomware groups. The White House says that “government-wide” efforts will continue.

“I think people running ransomware are retreating, saying, ‘That would cause the U.S. government to follow aggressively,’” Kevin Powers, a security strategy adviser for the cyber-risk company CyberSaint, said of attacks on critical infrastructure.

Meanwhile, U.S. officials have shared the names of suspected ransomware operators with Russian authorities, and an investigation has begun, according to two people familiar with the matter who were not authorized to speak publicly.

It is unclear what Russia will do with these names, though Kremlin spokesman Dmitry Peskov maintains that the two countries are having a useful dialogue, saying, “A working mechanism has been established and in fact it’s working.”

It is also difficult to measure the impact of individual arrests on the overall threat. Even as the suspected ransomware hacker arrested in Poland awaits extradition to the United States, another person charged by federal prosecutors was later reported by a British tabloid to be living comfortably in Russia and driving a luxury car.

Some are skeptical about attributing the drop-off in high-profile attacks to U.S. efforts.

“It may have been a fluke,” said Dmitri Alperovitch, former chief technology officer of cybersecurity firm CrowdStrike. He said asking Russia to crack down on large-scale attacks would not work because “the demands for coordinating criminal activity that they cannot even completely control” are too detailed.

Since Biden talked with Putin, top U.S. officials have given conflicting answers about ransomware trends. Some FBI and Justice Department officials say Russia’s behavior hasn’t changed. National cyber director Chris Inglis said the attacks are visibly diminishing, but it’s too early to say why.

Given the lack of baseline information and uneven reporting from victims, it is difficult to quantify the number of attacks, but the absence of catastrophic incidents is an important marker for a White House that seeks to focus its attention on the most significant national security risks and catastrophic breaches.

Victims of ransomware attacks in the past few months include hospitals, small businesses, universities such as Howard University, which temporarily took many of its systems offline after discovering a September attack, and the Virginia state legislature.

The attack at Lewis & Clark in Godfrey, Illinois, was discovered two days before Thanksgiving, when the school’s IT director detected suspicious activity and proactively took systems offline, Trzaska said.

A ransom note from the hackers demanded payment, but Trzaska refused to reveal the amount or identify the culprits. Many attacks come from hackers in Russia and Eastern Europe, but others come from elsewhere.

With important educational systems such as email and the school’s online learning platform affected, administrators canceled classes for a few days after the Thanksgiving break and kept students up to date via social media and a public alert system.

The college, which had backups for most of its servers, resumed operations this month.

The ordeal was daunting enough to inspire Trzaska and the president of another college, who he says endured a similar experience, to plan a cybersecurity panel.

“The stock price from everyone isn’t about when it happens, it’s about when it happens,” Trzaska said.

