The U.S. government isn’t playing around with ransomware attackers. “Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Lisa Monaco of the Department of Justice (DOJ).
But she wasn’t only talking the talk—the DOJ filed charges against Yaroslav Vasinskyi, a 22-year-old Ukrainian national whose criminal resume included several exploits, with the Kaseya attack perhaps the biggest notch on his belt.
How Vasinskyi Enabled the Kaseya Attack
Kaseya provides managed services providers (MSPs) and IT teams with a unified IT management platform, and the attack brought both the company and many of its clients to their knees.
During the July 2021 attack, Vasinskyi deployed malicious code on a Kaseya product, which then allowed the criminal group he was allegedly a part of, REvil, to gain access to customer endpoints connected to Kaseya’s network. The ransomware attack—which demanded a ransom of $70 million to be paid in cryptocurrency—affected approximately 1,500 U.S. businesses.
Thankfully, Vasinskyi was unable to wriggle free from the DOJ’s grasp. He was arrested a few months later while attempting to enter Poland from Ukraine. The DOJ reportedly also seized $6.1 million from Yevgeniy Polyanin, another ransomware attacker believed to have ties with REvil.
Ransomware: A Bigger Problem
According to the Verizon 2022 Data Breach Investigations Report, the number of ransomware attacks jumped 13% in the past year, representing an increase that’s greater than the last five years combined. The report also noted that 80% of the attacks were launched by crime syndicates. A FortiGuard Labs perspective, meanwhile, noted that the “booming cybercrime ecosystem has grown into its own supply chain,” with yearly revenues reaching more than a trillion dollars.
Ransomware is fast becoming a critical national security threat, not just for the U.S. but also for governments around the world, and the high-profile assaults on JBS and Colonial Pipeline may only be the tip of the iceberg.
In fact, according to the Wall Street Journal, “Nearly $600 million in transactions were linked to possible ransomware payments in so-called Suspicious Activity Reports [that] financial services firms filed to the U.S. government.” This was in the first six months of 2021 alone, which represented “more than 40% more than the total for all of 2020.”
Personal Responsibility in Dealing with Ransomware
Despite the DOJ successfully bringing Vasinskyi and other attackers to justice, the increasing rash of ransomware attacks on businesses, and even on unsuspecting individuals, makes it clear that the government needs everyone’s help, the same way law enforcement needs all the help it can get to apprehend other types of criminals.
For example, the National Cybersecurity Alliance calls on everyone to “own their role in protecting their information and securing their systems and devices.” It goes on to recommend the following measures:
- Keep your computer clean: To reduce the chance of a malware or ransomware infection, make sure all internet-connected devices, such as desktop computers, mobile phones, and tablets, are running the most recent versions of all necessary software. Set up your devices to alert you when an update is ready or adjust their settings so they update automatically.
- Use multi-factor authentication: When available, use multi-factor authentication, such as biometrics, security keys, or a one-time code through an app on your mobile device.
- Use unique, long passwords: A password that is at least 12 characters long is stronger than a shorter, complex one. It’s also a good idea to use phrases that are easy to remember.
- Use a password manager: A password management tool is the most effective approach to managing passwords because it’s designed to keep track of all your usernames and passwords for online accounts. It also generates new passwords and saves them in a secure, encrypted database.
- Think twice before clicking: The simplest way for cybercriminals to get their hands on your sensitive information is through malicious links in emails, tweets, texts, posts, social media communications, and online advertisements. Always think twice when considering downloading or clicking on links from unknown sources or that you didn’t request.
- Back up your files frequently and consistently: Create an electronic copy of your work, music, images, and other digital information, then store it securely. This enables you to restore your backup data if your device is attacked by ransomware or another cyber threat. Follow the 3-2-1 rule when backing up your data: a minimum of three copies of your data, two backup copies on different storage media, and one copy in a different physical location.
Government Responsibility in Dealing with Ransomware
One of the primary duties of a government is to protect its citizens from threats. The White House, through a public statement, has this to say about ransomware: “The Biden Administration has pursued a focused, integrated effort to counter the threat.”
But although the government has taken the lead in the fight against ransomware, it’s also throwing some of the responsibility back on individual citizens and organizations, adding, “Yet, government action alone is not enough. The Administration has called on the private sector, which owns and operates the majority of U.S. critical infrastructure, to modernize their cyber defenses to meet the threat of ransomware.”
In other words, the U.S. government will play its part to the best of its abilities, using all relevant agencies to pursue attackers and help organizations and individuals bolster their defenses. But it’s also equally important that the private sector does its part.
Meanwhile, many companies are turning to a different line of defense to help cushion them from the financial damage an attack is likely to cause: cyber insurance.
Cyber Insurance: A Winning Solution?
A ransomware attack can get expensive—and fast. Proponents of cyber insurance argue that it provides organizations the funds to assemble the right team of specialists, including legal counsel and computer forensic analysts, to evaluate the situation and make a prompt recommendation after an attack.
However, some experts argue that the issue of cyber insurance and ransomware settlements can be tricky to navigate. On one hand, it insulates companies from financial disaster (at least in part—cyber insurance won’t cover all losses stemming from an attack). On the other, it puts a target on the backs of organizations that have chosen to get coverage. Their risk of an attack increases the moment ransomware attackers find out they have the financial wherewithal to pay the ransom.
What Exactly Does Cyber Insurance Cover?
According to cyber insurance provider Marsh McLennan, there’s only one thing critics get right: the fact that insurance companies pay claims.
Cyber insurance typically helps with the following, aside from legal fees and ransom payments:
- Restoring data from compromised systems and repairing malfunctioning computers
- Protection against data compromise, which includes offering credit monitoring for customers
- Notifying customers of a data breach and restoring affected consumers’ personal information
- Identity recovery protection, which helps victims rebuild their credit history
Examples of the DOJ’s Action Against Ransomware
The Vasinskyi incident mentioned at the outset is just one example of the DOJ getting aggressive with ransomware criminals. Maksim Berezan, an Estonian ransomware attacker, was also sentenced to 66 months in prison for his crimes and was ordered to pay $36 million in restitution. A Canadian national, who was part of a Ransomware-as-a-Service (RaaS) gang, was charged and then extradited to Florida to face charges. He has since pled guilty.
To further protect U.S. businesses and communities, the DOJ, together with the Department of Homeland Security (DHS) and other federal partners, launched the website StopRansomware.gov, a one-stop hub for ransomware resources that individuals and organizations can use on demand.
Security Is a Shared Responsibility
Although cyber insurance can definitely help organizations in case of an attack, it’s simply not enough. Similarly, although the government is doing what it can to catch cyber criminals, it needs everyone’s help.
Anyone can be a cyber soldier. To stay a step ahead of bad actors, the first things organizations can do are to educate their employees regarding cyber hygiene, work together with other organizations, and use tools like artificial intelligence (AI) to detect not just existing threats but brand-new attacks on the landscape as well.
Remember—the key to staying cyber safe, whether you have cyber insurance or not, is to install all the necessary protections to prevent a cyberattack from happening in the first place.