Researchers uncover mysterious malware that stole 1.2 TB of sensitive data from 3 million PCs

The US Department of Justice is elevating investigations into ransomware attacks to a similar priority to terrorism in the wake of the Colonial Pipeline hack and increasing damage caused by cybercriminals, a senior department official told Reuters.

Internal guidelines sent Thursday to US law firms across the country said information on ransomware investigations in the field should be coordinated centrally with a recently established task force in Washington.

The letter was sent to Deputy Attorney General Lisa Monaco and was titled “Guidance to Investigations and Cases Related to Ransomware and Digital Extortion,” according to CyberScoop News, which obtained a copy of the letter.

“Recent ransomware attacks — including last month’s attack on Colonial Pipeline — underscore the growing threat that ransomware and digital extortion pose to the nation, and the destructive and devastating impact ransomware attacks can have on critical infrastructure,” Monaco wrote in the letter.

John Carlin, acting deputy attorney general at the Department of Justice, told Reuters that the guidelines are “a specialized process to ensure we track all ransomware cases.”

“A central goal of the recently launched Ransomware and Digital Extortion Task Force is to ensure that we deploy the full authorities and resources of the Department to address the many dimensions and root causes of this threat.”

The guidance added: “To ensure that we can make the necessary connections between national and global cases and investigations, and to enable us to gain a comprehensive picture of the national and economic security threats we face, we must improve and centralize our internal tracking.”

John Carlin, deputy deputy attorney general at the Department of Justice, told Reuters the guidelines are “a specialized process to ensure we track all cases of ransomware, regardless of where it’s referenced in this country, so you can see the links between actors and work your way up to disrupt the whole chain.”

Last month, a cybercriminal group that US authorities said operates out of Russia invaded a pipeline operator on the US east coast, blocked its systems and demanded a ransom. The hack caused a multi-day shutdown, sparking a spike in gas prices, panic buying and local fuel shortages in the Southeast.

Colonial Pipeline decided to pay the hackers who penetrated their systems nearly $5 million to regain access, the company said.

The Justice Department’s decision to put ransomware in this special process illustrates how priority is being given to the issue, US officials said.

“We’ve used this model around terrorism before, but never with ransomware,” says Carlin. The process is usually reserved for a short list of topics, including national security matters, legal experts said.

In practice, this means that researchers in US law firms handling ransomware attacks are expected to share both updated case details and active technical information with leaders in Washington.

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, tweeted about the news on Thursday.

“This is a positive indication that we are serious about stopping ransomware. Much more needs to be done, but course changes are a good thing,” he tweeted.

Krebs explained how the ransomware situation has deteriorated in the United States, calling the attacks “a profitable business model with low barriers to entry” and noting that “so far there have been no meaningful impacts on the criminals or their hosts.”

He also claimed that companies’ security postures “make it too easy for the bad guys,” while speculating that the Russian government is allowing ransomware groups to thrive because it “builds a cyber workforce they can call on later” and “create high-paying jobs” to keep the inhabitants of the country “off the street.”

Krebs noted that the ransomware attacks also “undermine confidence in the Western citizenry” in their government’s ability to defend them.

The former federal official said he read a letter from the deputy national security adviser, in which Krebs said a number of things stood out, including that the government is considering “all companies are in the game” and could be ransomware targets.

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, tweeted that the news shows officials are taking the threats seriously

He tweeted that he “cannot remember a letter like this” from a senior National Security official at the White House.

Krebs said the government is considering “all businesses are in the game” because ransomware is opportunistic and poses a risk of business disruption, not just theft.

The cybersecurity expert called on government officials to “use various tools of national power to enforce consequences on criminals and the countries that enable them” and make it more difficult to use cryptocurrency for payments.

The White House on Thursday warned business leaders to step up security measures to protect against ransomware attacks after intrusions also disrupted operations at a major meat processing company.

Anne Neuberger, a cybersecurity adviser to the National Security Council, said in a letter that the frequency and scale of ransomware attacks have increased significantly.

“The threats are serious and mounting. We urge you to take these critical steps to protect your organizations and the American public,” she added.

The recent cyberattacks have forced companies to view ransomware as a threat to the core business of the company and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations, she said.

Strengthening the country’s resilience to cyber-attacks was one of President Joe Biden’s top priorities, the White House said.

“But we can’t do it alone,” White House press secretary Jen Psaki said Thursday. “Business leaders have a responsibility to strengthen their cyber defenses to protect the American public and our economy.”

No business, big or small, is safe from ransomware attacks, Neuberger told businesses.

The letter came after a major meat packer resumed operations in the US on Wednesday after a ransomware attack that disrupted meat production in North America and Australia.

A Russia-affiliated hacking group called REvil and Sodinokibi was behind the cyber attack on JBS SA, a source familiar with the matter told Reuters.

The cyber attack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which paralyzed fuel supplies in the southeastern US for several days.

Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to raise the issue at their summit this month, Psaki said.

Neuberger’s letter outlined immediate steps companies can take to protect themselves from ransomware attacks, which can have ripple effects far beyond the company and its customers.

These include best practices such as multi-factor authentication, endpoint detection and response, encryption, and a skilled security team. Businesses need to back up data and test systems regularly, and update and patch systems immediately.

Neuberger advised companies to test incident response plans and use a third party to test the work of the security team.

She said it’s critical that business functions and manufacturing operations run on separate networks.
