When rEvil went dark over the summer, some thought that the U.S. government’s pressure on Russia for allowing ransomware gangs to operate in the country was paying off.
However, the ransomware gang that leveraged the Kaseya platform to infect over 1,000 organizations has since resurfaced, and there are no clear signs that the Russian government is even doing anything to stem the tide of ransomware attacks originating from that country.
According to The Washington Post, U.S. law enforcement and cybersecurity experts say cybercriminals are still operating in Russia without interference from their country’s law enforcement agencies.
The Post cited FBI Deputy Director Paul Abbate, who said the gangs are “still operating in the permissive environment” the Russian government has created, and U.S. requests for help extraditing ransomware hackers has not produced results.
The paper also cited National Cyber Director Chris Inglis, who said that although the last few months haven’t produced anything on the scale of a Colonial Pipeline or supply chain attack scenario, there is no evidence that it’s because of any government action.
“I’d like to change the decision calculus of the good guys and gals in this space such that they take a meaningful role in their own defense,” National Cyber Director Chris Inglis said at the same conference. “I’d also like to change the decision calculus of those … that have been responsible for things like ransomware.”
There have been fewer high-profile attacks in recent months, Inglis noted — nothing on the scale of Colonial or a Fourth of July weekend attack against the software provider Kaseya that forced hundreds of its customers offline for days.
But there’s no evidence that it’s because Putin asked the hackers to back off.
In fact, ransomware attacks have generally been consistent since U.S. President Biden met with his Russian counterpart in Geneva back in June.
The Post also reported that the Biden Administration is working on voluntary standards for critical industries, which comes after it mandated cybersecurity standards for pipelines.
What this means for U.S. companies is that they must invest in their own cybersecurity protection and implement new protocols and standards to help protect against ransomware since geopolitical action isn’t producing any results.