Ransomware remains a persistent threat, despite law enforcement actions aimed at disrupting the infrastructure threat actors rely on to carry out their attacks, according to the latest annual threat assessment from the Office of the Director of National Intelligence.
“Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services and exposing sensitive data,” said the report, which was released Monday. “Important U.S. services and critical infrastructure, such as healthcare, schools and manufacturing, continue to experience ransomware attacks.”
National intelligence leaders warned that the ransomware problem is getting worse and harder to combat.
The leaders of the US government’s intelligence agencies, including the CIA, the FBI, the National Security Agency, the State Department, the Defense Intelligence Agency, and the ODNI, testified on Monday in a hearing with the US Senate Select Committee on Intelligence, together with the publication of the report.
Threat actors are taking advantage of decentralized and cheap infrastructure, which allows specialized ransomware activity to proliferate anonymously, according to the report. “This interconnected system has improved the efficiency and sophistication of ransomware attacks while lowering the technical bar to entry for new actors.”
Federal authorities acknowledged limited capabilities that prevent law enforcement actions against ransomware operators from having more lasting impact.
While some global criminal syndicates temporarily cease operations following law enforcement actions, ransomware operators and their affiliates often find ways to rebrand and revamp their activities, authorities said in the report.
AlphV’s involvement in a highly damaging ransomware attack against Change Healthcare is a particularly bitter development, coming after a global law enforcement crackdown in December shut down the infrastructure of the ransomware group, also known as BlackCat. AlphV reemerged within a few hours of the takedown and remains active.
LockBit, another ransomware-as-a-service group that resumed operations within a few days of a global law enforcement effort that dismantled the group’s infrastructure, remains the most prolific criminal group in this field.
“In the absence of cooperative law enforcement from Russia or other countries that provide cybercriminals with a safe haven or a permissive environment, mitigation efforts will continue to be limited,” the report said.
