The same week that infamous cybercriminal gang REvil reemerged from the depths of the Dark Web with a new ransomware variant, U.S. officials say that not much has changed when it comes to ransomware and Russia.
President Biden spoke with Russian President Vladimir Putin in July 2021 to discuss ransomware gangs based in Russia and what must be done about them attacking American critical infrastructure entities.
FBI Deputy Director Paul Abbate spoke at an intelligence summit this week and said that, so far, the results of warnings to Russia is more of the same:
"There is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they've created thereā¦ we've asked for help and cooperation with those who we know are in Russia, who we have indictments against, and we've seen no action. So, I would say that nothing's changed in that regard."
But the U.S. is not giving up in this fight just yet.
Earlier this week, the Associated Press spoke with U.S. General Paul Nakasone who discussed the government's focus on finding and sharing information about cyberattacks, as well as its intent to "impose costs when necessary."
Nakasone helps leads both the National Security Agency (NSA) and U.S. Cyber Command, two government agencies leading the fight to identify people and countries behind cyberattacks.
Nakasone explained that the U.S. position has shifted, rapidly:
"Even six months ago, we probably would have said, 'Ransomware, that's criminal activity.' But if it has an impact on a nation, like we've seen, then it becomes a national security issue. If it's a national security issue, then certainly we're going to surge toward it."
Are we thinking about ransomware attacks in the wrong way? CNN Analyst and retired Air Force Col. Cedric Leighton thinks so. He explained as much to our SecureWorld audience a few months ago. He had been talking about the Colonial Pipeline cyberattack, the JBS Foods ransomware incident, and others:
"The instrument of choice in these cases was ransomware. But you can't see it as an isolated incident, because ransomware is actually part of a broader strategy. When you look at the way in which these operations were conducted, and the strategy that was involved, it was clearly to go after elements of the critical infrastructure."
Col. Leighton says we need a shift in mindset and strategy when it comes to ransomware:
"We have to learn not only to deal with ones and zeros, and we have to learn to out think the enemy. We need to be more than just responsive to what they're doing. We have to anticipate their next moves.
That's why we need to develop a completely new way of thinking about cyber warfare. In order to do that, we have to realize that a whole of society approach to cyber warfare is the only way that we can succeed against rivals such as Russia, China, and North Korea, and even Iran."
Here is the first step. This is how he would like to see this strategy unfold:
"In order to establish a whole of society approach, everyone needs to be convinced that they're part of what amounts to a cyber force. You might not be wearing a uniform, you might not have sworn an oath, at least not officially.
But what you're doing as part of the cyber security profession is you are in essence protecting the networks that you are charged with defending. And that is why you are a member of the cyber force."
[RELATED: Podcast episode, Nation-State Cyber Threats: What Now?]
Do you already feel like a member of the "cyber force" as Colonel Leighton calls it? And what can you do to help end-users at your organization, and the general public, take on a role like that to build our collective defenses?
Let us know in the comments below. And join fellow members of the "cyber force" at a regional SecureWorld conference in the next few weeks.