US and European law enforcement’s disruption last week of a $100-million ransomware gang is the clearest public example yet of a new high-stakes strategy from the Biden administration to prioritize protecting victims of cybercrime – even if it means tipping off suspects and potentially making it harder to arrest them.
The extent to which the FBI and Justice Department can carry out similar operations on other ransomware groups – and get the balance right between when to collect intelligence on hackers’ operations and when to shut down computer networks – could affect how acute the threat of ransomware attacks is to US critical infrastructure for years to come.
In the case revealed last week, the FBI says it had extraordinary access for six months to the computer infrastructure of a Russian-speaking ransomware group known as Hive, which had extorted more than $100 million from victims worldwide, including hospitals. That covert access, officials said, allowed the FBI to pass “keys” to victims so that they could decrypt their systems and thwart $130 million in ransom payments.
Justice officials are still trying to arrest the people behind Hive and know where some of them are located, a senior Justice Department official told CNN. But sometimes waiting for an arrest before seizing hacking infrastructure “may mean waiting for a very long time – perhaps an unacceptably long time,” the official said in an interview granted on the condition of anonymity to discuss the case.
The decision to go public with a splashy news conference, fronted by FBI Director Christopher Wray and Attorney General Merrick Garland, before making any arrests is evidence of a new approach to ransomware attacks, which cost the US hundreds of millions of dollars, if not billions, annually.
The strategy shift toward doing more to help victims of cybercrime – announced a…