Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:35 PM
Connect Directly

Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says

Fighting ransomware at an international level will require cooperation between law enforcement and State Department, Sen. Lindsey Graham, said at a Senate hearing.

A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups.

In opening comments at a Senate Judiciary subcommittee hearing Wednesday, Senator Lindsey Graham described ransomware attacks as a “terrible crime” affecting schools, hospitals, and the lives of thousands of others.

“[Ransomware] has a psychological, violent aspect to it,” Graham said. “It is just a matter of time before somebody gets physically hurt,” he said while expressing the government’s intention to give law enforcement the tools needed to combat the scourge.

“Maybe what we should think about when it comes to the nation state aspect of [ransomware] is to have a collaboration between the Department of Justice and maybe the State Department,” he said.

The goal should be to identify nations that are doing a good job in trying to deal with the problem and to help them in that effort while weeding out the ones that are not doing enough or are actively sponsoring such attacks.

“We have a state-sponsor of terrorism list that the State Department collects,” Graham noted. “If you are on that list, bad things come your way because you are a bad actor.”

Graham said it may be time to consider adopting a similar approach to countries that are either aiding and abetting ransomware operators or not doing enough to stop them: “If we don’t wake up some of the nation-states where these problems reside in large measure, you are never going to fix this problem.”

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as "staggering." One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes.

Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime for people to create botnets by breaking into computers or using a botnet to carry out ransomware attacks. But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said.

Similarly, while federal law gives courts the authority to issue injunctions for disrupting the operation of a botnet, such action is limited to botnets that are being actively used to commit specific categories of crime. There is little in existing law pertaining to what actions law enforcement would be able to take in situations where a botnet might be used to send phishing emails or to launch denial of service attacks, or if a botnet is known to exist but is inactive, Downing said.

“The revenue generated by ransomware is not insignificant,” said Adam Meyers, vice president of intelligence at security vendor CrowdStrike, who also spoke as a witness at the hearing.

The only way to slow down those behind such campaigns is to make it harder and costlier for them to operate, Meyers said. The goal should be to make the potential downsides of running a ransomware campaign greater than any upside for the criminals. Only by turning the tables on the economic factors that fuel ransomware can the scourge be eliminated, he said.

Related stories:

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
5/19/2016 | 9:32:12 AM
Re: Not quite as extreme, but...
That's the whole problem: How do you find the criminals?

Almost every time a politician weighs in on how we need to adopt a "tougher stance" on cyber criminals, they make it sound like a decision. It's not as if cyber criminals are operating in the open, using their real names and locations, and law enforcement has just decided it's not worth catching them. 

Instead, catching those behind cyber crimes like ransomware is an intricate, complex game that cannot be solved with a simple "bad things come your way because you are a bad actor" sound bite. It's just not that easy.

We can't fight new and sophisticated problems with old and simple policies. And although that truth may not be as popular as a "we're going to hunt you down" sound bite on the news, it's the reality. 
User Rank: Ninja
5/19/2016 | 7:31:45 AM
Not quite as extreme, but...
While I don't think you can really put people who encrypt files in the same category as murderers, ransomware is a troubling growth industry for hackers. Perhaps sanctions should be considered against countries that house them, but considering nailing down their location is so difficult, I'm not sure that proof could be acquired in a definitive manner
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-12
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
PUBLISHED: 2021-05-12
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to ...
PUBLISHED: 2021-05-12
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a sca...
PUBLISHED: 2021-05-12
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is runni...
PUBLISHED: 2021-05-12
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.