RICHMOND, Va. (AP) â€” Foreign keyboard criminals with scant fear of repercussions have paralyzed U.S. schools and hospitals, leaked highly sensitive police files, triggeredÂ fuel shortagesÂ and, most recently, threatenedÂ global foodÂ supply chains.
TheÂ escalating havocÂ caused by ransomware gangs raises an obvious question: Why has the United States, believed to have the worldâ€™s greatest cyber capabilities, looked so powerless to protect its citizens from these kind of criminals operating with near impunity out of Russia and allied countries?
The answer is that there are numerous technological, legal and diplomatic hurdles to going after ransomware gangs. Until recently, it just hasnâ€™t been a high priority for the U.S. government.
That has changed as the problem has grown well beyond an economic nuisance. President Joe Biden intends to confront Russiaâ€™s leader, Vladimir Putin, about Moscowâ€™s harboring of ransomware criminals when the two men meet in Europe later this month. The Biden administration has also promised to boost defenses against attacks, improve efforts to prosecute those responsible and build diplomatic alliances to pressure countries that harbor ransomware gangs.
Calls are growing for the administration to direct U.S. intelligence agencies and the military to attack ransomware gangsâ€™ technical infrastructure used for hacking, posting sensitive victim data on the dark web and storing digital currency payouts.
Fighting ransomware requires the nonlethal equivalent of the â€œglobal war on terrorismâ€ launched after the Sept. 11 attacks, said John Riggi, a former FBI agent and senior adviser for cybersecurity and risk for the America Hospital Association. Its members have been hard hit by ransomware gangs during the coronavirus pandemic.
â€œIt should include a combination of diplomatic, financial, law enforcement, intelligence operations, of course, and military operations,â€ Riggi said.
A public-private task force including Microsoft and Amazon made similar suggestions in anÂ 81-page reportÂ that called for intelligence agencies and the Pentagonâ€™s U.S. Cyber Command to work with other agencies to â€œprioritize ransomware disruption operations.â€
â€œTake their infrastructure away, go after their wallets, their ability to cash out,â€ said Philip Reiner, a lead author of the report. He worked at the National Security Council during the Obama presidency and is now CEO at The Institute for Security and Technology.
But the difficulties of taking down ransomware gangs and other cybercriminals have long been clear. The FBIâ€™s list of most-wanted cyber fugitives has grown at a rapid clip and now has more than 100 entries, many of whom are not exactly hiding. Evgeniy Bogachev, indicted nearly a decade ago for what prosecutors say was a wave of cyber bank thefts, lives in a Russian resort town and â€œis known to enjoy boatingâ€ on the Black Sea, according to the FBIâ€™s wanted listing.
Ransomware gangs can move around, do not need much infrastructure to operate and can shield their identities. They also operate in a decentralized network. For instance, DarkSide, the group responsible for the Colonial Pipeline attack that led to fuel shortages in the South, rents out its ransomware software to partners to carry out attacks.
Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, said identifying and disrupting ransomware criminals takes time and serious effort.
â€œA lot of people misunderstand that the government canâ€™t just willy-nilly go out and press a button and say, well, nuke that computer,â€ she said. â€œTrying to attribute to a person in cyberspace is not an easy task, even for intelligence communities.â€
Reiner said those limits do not mean the United States cannot still make progress against defeating ransomware, comparing it with Americaâ€™s ability to degrade the terrorist group al-Qaida while not capturing its leader, Ayman al-Zawahiri, who took over after U.S. troops killed Osama bin Laden.
â€œWe can fairly easily make the argument that al-Qaida no longer poses a threat to the homeland,â€ Reiner said. â€œSo short of getting al-Zawahiri, you destroy his ability to actually operate. Thatâ€™s what you can do to these (ransomware) guys.â€
The White House has been vague about whether it plans to use offensive cyber measures against ransomware gangs. Press secretary Jen Psaki said Wednesday that â€œweâ€™re not going to take options off the table,â€ but she did not elaborate. Her comments followed a ransomware attack by a Russian gang that caused outages at Brazilâ€™s JBS SA, the second-largest producer of beef, pork and chicken in the United States.
Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency, said at a recent symposium that he believes the U.S. will be â€œbringing the weight of our nation,â€ including the Defense Department, â€œto take down this (ransomware) infrastructure outside the United States.â€
Sen. Angus King, an independent from Maine who is a legislative leader on cybersecurity issues, said the debate in Congress over how aggressive the U.S. needs to be against ransomware gangs, as well as state adversaries, will be â€œfront and center of the next month or two.â€
â€œTo be honest, itâ€™s complicated because youâ€™re talking about using government agencies, government capabilities to go after private citizens in another country,â€ he said.
The U.S. is widely believed to have the best offensive cyber capabilities in the world, though details about such highly classified activities are scant. Documents leaked by former NSA contractor Edward Snowden show the U.S. conducted 231 offensive cyber operations in 2011. More than a decade ago a virus called Stuxnet attacked control units for centrifuges in an underground site in Iran, causing the sensitive devices to spin out of control and destroy themselves. The cyberattack was attributed to America and Israel.
U.S. policy called â€œpersistent engagementâ€ already authorizes cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code. U.S. Cyber Command has launched offensive operations related to election security, including against Russian misinformation officials during U.S. midterm elections in 2018.
After the Colonial Pipeline attack, Biden promised that his administration was committed to bringing foreign cybercriminals to justice. Yet even as he was speaking from the White House, a different Russian-linked ransomware gang was leaking thousands of highly sensitive internal files â€” including deeply personal background checks â€” belonging to theÂ police departmentÂ in the nationâ€™s capital. Experts believe itâ€™s the worst ransomware attack against a U.S.-based law enforcement agency.
â€œWe are not afraid of anyone,â€ the hackers wrote in a follow-up post.
Calling all HuffPost superfans!
Sign up for membership to become a founding member and help shape HuffPost’s next chapter