Russia’s cyber warfare machine is relentless and has seen some recent success. In February 2022, it launched an attack on a European satellite system that goes by the name Viasat—not to be confused with the American satellite telecom system by the same name. Hackers used wiper malware, which erases hard drives, to cripple Viasat and the digital infrastructures of Ukrainian government offices.
Although the attacks were likely associated with the war in Ukraine, they represent a clear and present danger to other countries as well. Many nations have similar telecommunications infrastructures—all of which are attractive targets for hackers.
The Department of Justice (DOJ) has successfully prevented a range of similar cyberattacks in the past. And once again, it’s stepping up to the plate to make it harder for Russian attackers and others to target critical systems in the United States. Aside from the type of malware used in the Viasat attack, another threat the DOJ is actively fighting against is ransomware.
Understanding Ransomware in Cybercrime
Ransomware is a type of malware hackers unleash to take control of a victim’s computer. Once they’ve taken over the target’s system, which typically involves locking the victim out of some or all of their network, the hacker demands that the victim pay a ransom. They claim that once they receive payment, the victim will once again gain access to their files and network.
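The lockout described above is usually implemented by rewriting the victim’s files as ciphertext, and that leaves a measurable trace defenders can watch for: encrypted output has close to 8 bits of entropy per byte, and a ransomware loop produces many such rewrites in a short burst. The following Python script is an added example, not code from the article or from any product it names; the thresholds, the sample file events, and the `burst_alert` logic are all constructed for illustration.

```python
import math
import random
from collections import Counter

# Assumed thresholds (not from the article): plain documents rarely exceed
# 7.5 bits/byte, while ciphertext sits close to the 8.0 maximum, and a
# ransomware loop rewrites several files within seconds of each other.
ENTROPY_THRESHOLD = 7.5
BURST_WINDOW_SECONDS = 60
BURST_MIN_FILES = 3


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant file, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when the content is statistically indistinguishable from ciphertext."""
    return shannon_entropy(data) >= threshold


def burst_alert(events, window=BURST_WINDOW_SECONDS, min_files=BURST_MIN_FILES):
    """events: list of (timestamp_seconds, filename, new_content).

    Returns the names of files rewritten as ciphertext-like content where at
    least `min_files` such rewrites fall inside any `window`-second span,
    or an empty list if no burst occurred. A single high-entropy write (a
    photo, a zip archive) is deliberately not enough to alert on its own.
    """
    hits = sorted((ts, name) for ts, name, data in events if looks_encrypted(data))
    flagged = []
    for i, (ts, _name) in enumerate(hits):
        # count high-entropy rewrites in the window that starts at this one
        in_window = [n for t, n in hits[i:] if t - ts <= window]
        if len(in_window) >= min_files:
            flagged.extend(n for n in in_window if n not in flagged)
    return flagged


def build_sample_events():
    """Constructed sample: two ordinary document saves, then a rapid run of
    rewrites to ciphertext-like bytes simulating a file-encryption loop."""
    rng = random.Random(1234)  # seeded so the sample is reproducible

    def random_bytes(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    report = b"Quarterly report: revenue grew 4% year over year. " * 200
    notes = b"team meeting moved to 10:00\n" * 300
    return [
        (0, "report.docx", report),
        (30, "notes.txt", notes),
        (100, "report.docx.locked", random_bytes(8192)),
        (101, "notes.txt.locked", random_bytes(8192)),
        (103, "budget.xlsx.locked", random_bytes(8192)),
        (105, "plan.pptx.locked", random_bytes(8192)),
    ]


if __name__ == "__main__":
    for ts, name, data in build_sample_events():
        print(f"{ts:>4}s  {name:<22} entropy={shannon_entropy(data):.2f}")
    print("burst alert:", burst_alert(build_sample_events()))
```

Entropy alone is a weak signal, because compressed and media files are also high-entropy; the burst condition is what separates a user saving a photo from a process rewriting a whole directory tree, which is why production endpoint tools combine content statistics with write-rate and rename patterns rather than relying on either by itself.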
Often, it makes sense for the victim to simply pay the ransom, primarily because the downtime costs them more than the attacker is asking for. To illustrate, let’s say a company suffers a ransomware attack and loses about $2.5 million a day because they can’t access their system. If the hacker asks for $500,000, they may be tempted to pay the ransom just so they can get their business up and going again.
The Commodification of Ransomware Attacks
Recently, attackers have begun peddling predesigned ransomware to other hackers, making it easier for malicious actors to infiltrate target systems, particularly because they no longer have to invest time and money in designing their own ransomware.
Similar to Software-as-a-Service (SaaS), hackers now offer Ransomware-as-a-Service (RaaS) to streamline the attack process and earn significant income through ransom payouts. Known ransomware variants now operating as RaaS include:
- LockBit
- Ryuk
- REvil/Sodinokibi
- Egregor/Maze
RaaS Attackers Collaborating with Access Brokers
RaaS hackers have been tightening relationships with access brokers, which are organizations of hackers—or a single actor—that have illegally obtained access credentials for an enterprise. They then sell access packages to other criminals via the dark web. Because access credentials are necessary to penetrate sensitive areas of an organization’s network, RaaS hackers have been buying up the packages.
The DOJ and FBI Remove Malware from the Internet
It’s virtually impossible for any organization to exercise control over the vast network of the internet, but the DOJ got pretty close in a recent move designed to thwart Russian hackers. It’s widely believed that Russian President Vladimir Putin is planning to execute cyberattacks against the United States, primarily in response to US sanctions as Russia continues its bombardment of Ukraine.
The DOJ specifically targeted malware that enabled Russians to create botnets, which are networks of computers that could potentially be controlled by the GRU, Russia’s chief intelligence office. Botnets work by taking control of computers and using the computers’ resources to launch attacks.
Although it was unclear what the Russians planned to do with the botnets, they could be used for a variety of digital incursions. For instance, botnets can orchestrate distributed denial-of-service (DDoS) attacks, which involve multiple computers sending false requests to web servers, inundating them to the point they can no longer serve legitimate users.
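The DDoS pattern just described, many machines each sending a modest stream of requests so that the total overwhelms the server, is exactly why a per-source rate limit on its own misses a botnet flood. The script below is an added example, not code from the article or from the DOJ; it parses constructed web-server access-log lines in the common combined format and applies two rules side by side: a per-IP limit that catches one loud client, and an aggregate per-window limit that catches the distributed case. The window size and both thresholds are assumed values chosen for the sample.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx "combined" log line:
# client - - [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, ts, req, status, or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def detect_flood(lines, window_seconds=10, per_ip_limit=50, total_limit=500):
    """Bucket requests into fixed windows and apply two assumed thresholds.

    noisy_ips:     sources exceeding per_ip_limit requests in any one window
    flood_windows: window indexes whose total request count exceeds total_limit,
                   which is what a distributed flood of quiet bots trips
    """
    events = [e for e in map(parse_line, lines) if e]
    if not events:
        return {"noisy_ips": [], "flood_windows": []}
    start = min(e["ts"] for e in events)
    per_window = defaultdict(Counter)
    for e in events:
        bucket = int((e["ts"] - start).total_seconds()) // window_seconds
        per_window[bucket][e["ip"]] += 1
    noisy = sorted({ip for c in per_window.values()
                    for ip, n in c.items() if n > per_ip_limit})
    flood = sorted(b for b, c in per_window.items() if sum(c.values()) > total_limit)
    return {"noisy_ips": noisy, "flood_windows": flood}


def build_sample_log():
    """Constructed access log: normal traffic, then a distributed flood from
    120 bots at 5 requests each, then one single loud client."""
    base = datetime(2022, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_seconds):
        ts = (base + timedelta(seconds=offset_seconds)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'

    lines = []
    # seconds 0-9: five legitimate users, two requests each
    for i in range(5):
        for k in range(2):
            lines.append(line(f"10.0.0.{i + 1}", i + 5 * k))
    # seconds 10-19: 120 bot addresses, 5 requests each (600 total)
    for j in range(120):
        for k in range(5):
            lines.append(line(f"198.51.100.{j + 1}", 10 + (j * 5 + k) % 10))
    # seconds 20-29: one client hammering the server 80 times
    for k in range(80):
        lines.append(line("203.0.113.7", 20 + k % 10))
    return lines


if __name__ == "__main__":
    print(detect_flood(build_sample_log()))
```

In the sample, the 120-bot burst stays under the per-IP limit on every address and is only caught by the aggregate rule, while the single loud client trips the per-IP rule but never the aggregate one; real deployments add a baseline of normal traffic volume per window rather than a fixed number, and treat these counts as alerts to investigate rather than automatic block decisions.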
Protecting Critical and Essential Systems
The DOJ’s move was designed to insulate the country from the effects of attacks on particularly sensitive targets. While malware can pose a danger to any company or individual, its impacts can be especially devastating if they strike any of the following systems:
- Financial: An attack on financial networks or entities will negatively impact banking, investing, and e-commerce activities.
- Oil pipelines: Despite the rise of alternative energy, oil pipelines are still the veins carrying the energy lifeblood of the United States. Safeguarding against malware that can target energy reserves reduces the chances of another Colonial Pipeline-type incident
- Electricity: With malware, attackers can paralyze the various power grids across the US. Power interruptions could result in devastating outages throughout the country.
Will Ransomware Dominate the Cybercrime Landscape?
With RaaS, the cybercrime landscape could eventually be dominated by ransomware. However, because other attack methods are easier to implement, it’s unlikely that hackers will completely abandon traditional attack vectors. That being said, the appeal of ransomware is unique from the perspective of an attacker for several reasons:
- Less hacking work involved: Hackers don’t have to painstakingly orchestrate theft using stolen access credentials. Rather, they can simply demand payment, get it, and start looking for the next victim.
- Less or no coding required: With ready-made ransomware now available for purchase, an attacker with very little coding knowledge can simply buy one and then enact what amounts to a plug-and-play attack. The programming grunt work has been done for them.
- Huge payoffs: The potential for payoff is high. A successful ransomware breach could quickly yield $10,000, which may not be much for the organization being hacked. But if an attacker can replicate this kind of attack several times a month, their profits add up quickly.
Can the DOJ Play the Role of Watchdog?
The DOJ can certainly take the lead in combating ransomware, but it would need greater visibility—and control—over the internet to play the role of an all-out watchdog. Further, with the growth of Web 3.0, particularly the cryptocurrency space, it’s increasingly challenging to gain direct visibility into who’s involved in the purchase and sale of ransomware, and where ransom payments go, as hackers often demand to be paid in cryptocurrency during a successful ransomware attack.
So if an attacker accepts payment via bitcoin, the funds get sent not to an account with their name, address, and social security number but to a crypto wallet. And when the attacker converts the bitcoin into US dollars or another fiat currency, such as euros or yen, that transaction also happens anonymously.
The DOJ Gets the Upper Hand
Despite these seemingly insurmountable odds, the DOJ’s persistent campaign against cybercrime has returned positive results. Recently, through a coordinated global crackdown, Sebastien Vachon-Desjardins, a NetWalker RaaS affiliate from Canada who extorted $28 million from victims, was charged in Florida. Also recovered was over $450,000 worth of cryptocurrency from payments made to NetWalker ransomware attackers.
Additionally, through a partnership with authorities in Bulgaria, the DOJ went after areas of the dark web that hackers used to buy, sell, and spread malware. The NetWalker website, which previously was where ransomware victims were directed to retrieve payment instructions, now bears a banner telling visitors that the website has been taken over by law enforcement officials.
And perhaps more importantly, the DOJ’s infiltration of attackers’ networks has resulted in some companies getting their money back, as was the case with the Colonial Pipeline hack.
The DOJ Advises Companies to Keep Their Cyber “Shields Up”
The advice of Deputy Attorney General Lisa Monaco to organizations is simple: “They need to be, as we say, ‘shields up’ and to be really on the most heightened level of alert that they can be and taking all necessary precautions.” To this end, companies can enlist the help of anti-ransomware software, such as:
- Check Point’s Infinity-Vision, a unified security management solution
- Fortinet Security Fabric, a high-performing cybersecurity mesh platform
- Barracuda’s anti-ransomware solutions
- Cisco’s advanced malware protection
The DOJ: Bringing the Fight to Ransomware Attackers
Although ransomware is on the rise, spurred in part by its commodification as RaaS, the DOJ is fighting back as intensely—if not more. It may not be in a position to exercise complete global control over the ransomware attack landscape, but by leveraging local and international coalitions, it is a force to be reckoned with in the battle against opportunistic, savvy hackers.