The excruciatingly slow gears of the U.S. government are starting to move with more urgency when it comes to dealing with geopolitical ransomware attacks.

The Colonial Pipeline hack and the ransomware breach of a major food processing facility in recent weeks, coupled with Windows server exploits and the still unfolding saga of an attack on oil company Saudi Aramco, have caught the attention of U.S. government leaders. The question now will be how the U.S. will respond to growing unease over the disruption of global commerce.

“There has been a sea change in the last two or three months in Congress with respect to how seriously policymakers are taking cybersecurity,” Rep. Jim Himes (D-Connecticut), said during a virtual panel discussion hosted by The Wilson Center this week. “Twelve years ago in this institution, if you said cybersecurity, people would look at you quizzically. Colonial Pipeline was different than the other stuff.”

Sheltering attackers

What has changed the dynamic for leaders in Washington and global capitals elsewhere is a growing belief that some nation-states are either behind the attacks or quietly supporting the criminal gangs that perpetrate them. The Colonial Pipeline attack, which disrupted supplies of oil and gas for the eastern half of the U.S. in May, has been attributed to DarkSide, a criminal gang operating out of Russia.

A ransomware attack on the food processing company JBS led to a disruption of meat supplies this summer and the group responsible has been identified as REvil, another Russian criminal group. This month, the Biden administration named the Chinese government as behind a cyberattack on Microsoft Exchange servers that compromised tens of thousands of networks worldwide.

The disruption caused by groups operating inside two large global superpowers has resulted in rising calls for action by U.S. authorities. Himes recently wrote an opinion piece for a Connecticut newspaper calling for the U.S. to “strike back” against cyberattackers.

In his remarks during the Wilson Center event this week, Himes suggested that the government should consider pursuit of wealthy interests inside of Russia. “We really need to establish a sense that these adventures are not free for the Kremlin, I do not think that sanctions are enough,” he said. “Let’s mess with the oligarchs’ wealth. We must extract a cost.”

Tipping point for US

Himes’ tough stance has been echoed in recent weeks by two key figures within the foreign policy and cybersecurity communities. Dmitri Alperovitch, co-founder and executive chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike Holdings Inc., teamed up with Matthew Rojansky, director of The Wilson Center’s Kennan Institute and a leading analyst on U.S.-Russia relations, to publish a recent editorial in the Washington Post. The opinion piece called on President Joe Biden to put pressure on Russia President Vladimir Putin to halt cybersecurity attacks from his country.

“Ransomware has become a tipping point for the U.S.,” Alperovitch said during a press briefing prior to the panel discussion this week. “We believe the Russian government is well aware of where these groups are and who they are. We need very tough talks with Russia on this issue, we have to put a stop to it.”

Part of the concern that may be driving Congress, along with noted experts such as Alperovitch and Rojansky, is that ransomware attacks have moved into bedrock institutions that affect a broad cross-section of the American public. A July attack on Kaseya Inc., an information technology solutions developer for managed service providers and a number of enterprise customers, led to ransomware compromises affecting 800 to 1,500 small and medium-sized businesses. The attack has also been attributed to the Russian REvil cybercriminal group.

“Even something like Kaseya has to be taken deadly seriously, because it is a direct attack on the lives of ordinary Americans,” said Rojansky during the Wilson Center event this week. “This speaks to the core of who we are as a nation, this is peoples’ livelihoods. There has to be a consequence for noncompliance, and it has to be taken seriously.”

Hacking back

What should those consequences be? Himes dropped a hint this week that Congress may consider relaxing earlier provisions that barred companies from taking cyber-retaliatory action, a process known as “hack back.”

Under current U.S. law, only the government is allowed to take such a step. A bipartisan bill was introduced in the U.S. Senate recently directing the Department of Homeland Security to assess risks and benefits for allowing private firms to respond in kind.

“We are moving away from an allergy to a hack back,” Himes said. “We’re a lot less allergic to the notion than we were seven years ago.”

There is also a distinct possibility that financial regulatory agencies may soon take steps to curb the ability of cybercriminals to use hard-to-trace cryptocurrencies as the pipeline for ransomware payment.

There are signs that government focus may center on cryptocurrency exchanges. In April, a task force comprised of government officials and technology firms recommended enforcement of know-your-customer rules, currently required by Treasury regulations for fiat currencies, to improve transparency for digital money.

“It is no accident that prior to 2009 when bitcoin was invented, we had no ransomware,” Alperovitch said. “We need to use the power of the U.S. Treasury to regulate all domestic exchanges.”

Meanwhile, the steady stream of ransomware attacks has continued unabated, with the breach of Saudi Arabia’s state oil giant Saudi Aramco being the latest. Recent reports indicate that hackers are demanding $50 million in cryptocurrency ransom from the company after the theft of 1 terabyte of enterprise data.

As for REvil, one of Russia’s most notorious gangs, the group has vanished from the dark web, the shady corner of the internet reachable with special software, and U.S. officials, including President Biden, have publicly said they have no idea why.

“They have generated a lot of heat on themselves over the last few weeks,” Alperovitch said. “Any time the president of the United States is calling you out, that is not a good thing. Or it could be they decided to shut things down for the summer and go to Crimea to celebrate.”

Image: Pixabay Commons