Why Is It Difficult to Stop Ransomware Attacks?

Deputy Attorney General Lisa Monaco announces the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline Co. ransomware attacks as she speaks during a news conference. (AP)


In recent weeks, computer-based criminals have stopped the operations of U.S. schools and hospitals, published secret files and caused fuel shortages. They also have threatened global food supply networks.

The purpose of these actions is to gain money by forcing the target to pay what is known as ransom in exchange for releasing control of computer systems. The software these criminals use is called ransomware. Reporters have started calling the groups carrying out the attacks “ransomware gangs” or “cybercriminals.”

The growing problems caused by these gangs raise a clear question: Why has the United States looked so powerless to protect its citizens from these kinds of criminals?

On Monday, however, the government signaled that it could move against the cybercriminals by recovering ransom money.

Deputy Attorney General Lisa Monaco said at a news conference that the Justice Department has recovered most of a multimillion-dollar ransom payment to hackers by the operator of the nation’s largest fuel pipeline.

Colonial Pipeline, in the U.S. state of Georgia, supplies almost half the fuel used on the country’s eastern coast. The company temporarily shut down its operations on May 7 after a gang of criminal hackers called DarkSide illegally entered its computer system. Colonial officials said they closed their pipeline system and decided to pay a ransom of about $4.4 million so they could restart as soon as possible.

Monday’s announcement was the first time the government has said that it had recovered money from the Russia-based gang. U.S. officials say they are dealing with the threat of computer attacks aggressively.

Monaco said, “We will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks.”

President Joe Biden plans to meet Russia's leader, Vladimir Putin, later this month. He said he wants to talk about the support Russia seems to give ransomware criminals. The Biden administration has also promised to take action to defend against further attacks. It plans to improve efforts to bring charges against those responsible and form diplomatic agreements with other countries. The hope is that allies can pressure countries that protect ransomware gangs.

Boating on the Black Sea

But the difficulties of stopping ransomware gangs and other cybercriminals have long been clear. There are now more than 100 people on the FBI's quickly growing list of most-wanted cybercriminals. Many of them are not really hiding. One is Evgeniy Bogachev, who was charged 10 years ago with a series of cyber bank thefts. He lives in a Russian resort town. The FBI says he "is known to enjoy boating" on the Black Sea.

This poster provided by the U.S. Department of Justice shows Maksim Yakubets. Yakubets, 33, is best known as co-leader of a cybergang that calls itself Evil Corp.

Ransomware gangs can move around, do not need much equipment to operate and can hide their identities. They also share resources. For example, DarkSide, the group responsible for the fuel pipeline attack, lends its ransomware software to partners to carry out attacks for a price.

All options are on the table

The Biden administration has not said if it plans to use offensive cyber measures against ransomware gangs. Press secretary Jen Psaki said last week that "we're not going to take options off the table," but she did not give further details. Her comments followed a ransomware attack by a Russian gang that caused outages at Brazil's JBS, the second-largest producer of beef, pork and chicken in the United States.

General Paul Nakasone leads U.S. Cyber Command and the National Security Agency. He said at a recent meeting that he believes the U.S. will be "bringing the weight of our nation," including the Defense Department, "to take down this (ransomware) infrastructure outside the United States."

U.S. policy already permits government specialists to fight against criminals in cyberspace and break up their operations using computer programs. U.S. Cyber Command also has carried out offensive operations related to election security, including against Russian misinformation efforts during the U.S. midterm elections in 2018.

After the Colonial Pipeline attack, Biden promised that his administration wants to bring foreign cybercriminals to justice. Yet even as he was speaking from the White House in May, a different Russian-linked ransomware group was publishing thousands of secret documents belonging to the Washington D.C. police department. Experts believe it was the worst ransomware attack against a U.S.-based law enforcement agency.

"We are not afraid of anyone," the hackers wrote in a message.

I’m Jill Robbins.

Jill Robbins adapted stories written by Alan Suderman and Eric Tucker for the Associated Press for this Learning English story. Mario Ritter, Jr. was the editor.

__________________________________________________

Words in This Story

hacker – n. a person who secretly gets access to a computer system in order to take information or cause damage

consequences – n. (pl.) the results (often bad) of some action that a person has taken

resort – n. a place where people go for vacations

take (an) option off the table – expression. to eliminate a possible course of action

infrastructure – n. the basic equipment and structures that are needed for a country, region, or organization to function properly
