How do you fight the ransomware scourge? Make the hackers paranoid, according to the US National Security Agency (NSA).
At the RSA Conference in San Francisco, former NSA Director of Cybersecurity Rob Joyce and his successor, Dave Luber, discussed how the US is trying to crack down on ransomware gangs when many are based in Russia—a country that refuses to extradite hacking suspects. As an example, they pointed to the US effort this week to identify, indict, and sanction a chief leader of the ransomware gang Lockbit.
Joyce said a key measure of the crackdown was the FBI seizing the infrastructure behind Lockbit’s internet operations back in February, which also involved taking over the group’s site on the dark web. Despite the takedown, the Lockbit gang quickly migrated to a new website. But according to Joyce, doing so merely played into the FBI’s hands.
“I love that a new site pops up pretty quickly, and that’s pretty good. Because now the question on everybody’s mind amongst that community is: Is that Lockbit really back online? Or is that FBI?” Joyce said.
Rob Joyce (left) with Dave Luber (Credit: PCMag/Michael Kan)
“So you erode that trust amongst the criminals, and that adds friction,” he added. “Am I really talking to who I think I’m talking to? Am I actually giving my Bitcoin to somebody who’s going to launder and wash it and give it back? Or is it just going to be seized?”
In the case of Lockbit, the Justice Department claims that senior leader LockbitSupp, a 31-year-old Russian named Dimitry Yuryevich Khoroshev, offered law enforcement his services in exchange for details concerning the identity of his ransomware competitors.
Joyce added: “So those things where we as a community can provide the insights into that ecosystem, see the seams and the breaks between them, and peel people off for advantage, that’s an important capability that governments across the globe are really digging into.”
His successor at the NSA, Luber, agreed with the assessment, and said the agency has supplied intelligence that the FBI and Justice Department can use to crack down on suspected hackers.
During their talk, the two also addressed the threat from China and hacktivist groups targeting US critical infrastructure, such as water systems, to potentially sow chaos in the US.
Joyce, who retired from the NSA in March, said the recent hacking attempts on US water facilities failed to result in any major consequences. Nevertheless, he’s particularly concerned that eventually a hacktivist group—perhaps in league with a state-sponsored hacking unit—could tamper with US critical infrastructure, without realizing the full effects.
“At some point, somebody’s going to land one of these in a place against critical infrastructure that’s going to matter. And I don’t think that they’re doing the assessment of really how significant that attack will be,” he said. “We could see somebody tip the scales by overachieving one of these attacks without understanding the implications.”
In response, Luber said the US has been working to bolster security at US companies and critical infrastructure providers by ensuring default and weak passwords are removed from IT systems and that software patches for vulnerable software and equipment are quickly installed.