RICHMOND, Va. – Foreign keyboard criminals with scant fear of repercussions have paralyzed U.S. schools and hospitals, leaked highly sensitive police files, triggered fuel shortages and, most recently, threatened global food supply chains.
The escalating havoc caused by ransomware gangs raises an obvious question: Why has the United States, believed to have the world’s greatest cyber capabilities, looked so powerless to protect its citizens from these kind of criminals operating with near impunity out of Russia and allied countries?
The answer is that there are numerous technological, legal and diplomatic hurdles to going after ransomware gangs. Until recently, it just hasn’t been a high priority for the U.S. government.
That has changed as the problem has grown well beyond an economic nuisance. President Joe Biden intends to confront Russia’s leader, Vladimir Putin, about Moscow's harboring of ransomware criminals when the two men meet in Europe later this month. The Biden administration has also promised to boost defenses against attacks, improve efforts to prosecute those responsible and build diplomatic alliances to pressure countries that harbor ransomware gangs.
Calls are growing for the administration to direct U.S. intelligence agencies and the military to attack ransomware gangs' technical infrastructure used for hacking, posting sensitive victim data on the dark web and storing digital currency payouts.
Fighting ransomware requires the nonlethal equivalent of the “global war on terrorism” launched after the Sept. 11 attacks, said John Riggi, a former FBI agent and senior adviser for cybersecurity and risk for the America Hospital Association. Its members have been hard hit by ransomware gangs during the coronavirus pandemic.
“It should include a combination of diplomatic, financial, law enforcement, intelligence operations, of course, and military operations,” Riggi said.
A public-private task force including Microsoft and Amazon made similar suggestions in an 81-page report that called for intelligence agencies and the Pentagon’s U.S. Cyber Command to work with other agencies to “prioritize ransomware disruption operations.”