acm-header
Sign In

Communications of the ACM

ACM News

Winning the War on Ransomware


As long as there is a sustained effort against these somewhat decentralized and shifting crime gangs; this isnt just whack-a-mole, says Kurt Baumgartner, principal security researcher at Kaspersky.

Credit: Ori Toor

In the past 10 years, ransomware has become inescapable. All kinds of institutions have been targeted, from the schools children go to, to fuel and medical infrastructure. A report from the U.S. Treasury estimates there were over half a billion dollars in ransomware payouts in the first half of 2021 alone. Law enforcement has struggled to get a handle on the situation, with many groups operating for years with no apparent fear of repercussions.

This year, federal law enforcement decided to try something new. In April, the Department of Justice created the Ransomware and Digital Extortion Task Force in a move to prioritize the "disruption, investigation, and prosecution of ransomware and digital extortion activity." The task force is supposed to help share information between DOJ departments, as well as work with outside and foreign agencies. In the months since, it's made some impressive prosecutions, but they're just a sliver of the overall — and the bigger picture remains maddeningly unclear.

One of the first publicized wins for the group came in June, when the Department of Justice said the group was handling the case of an individual alleged to be partially responsible for the malware suite known as Trickbot, which could help expose a system to a ransomware attack. Days after that announcement came an even bigger win: the DOJ announced it had seized back $2.3 million of the $4.4 million ransom paid by oil company Colonial Pipeline, and that the task force had coordinated the efforts. Then, in October, its biggest win yet — the arrests of a few alleged members of REvil, a hacking group, by European police forces, and the seizure of over $6 million in funds the department says were linked to ransomware payments.

Still, the sheer volume of attacks means a handful of prosecutions is unlikely to make a difference. Prosecutors need the threat of law enforcement action to scare criminals away from ransomware — and some experts say the scheme is still too lucrative for criminals to give up.

From The Verge
View Full Article

 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account