Strategies for Combating Ransomware: Insights from IST Panelists

Law enforcement and cybersecurity experts are emphasizing the need for a multi-faceted approach to combat ransomware attacks, as discussed during a recent panel hosted by the Institute for Security and Technology (IST). The panel highlighted various strategies, including disrupting the criminal ecosystems that enable cyber attacks and redirecting potential recruits towards legal pathways.

While law enforcement has made significant arrests of ransomware perpetrators, such actions are just one part of an effective response. Marc Rogers, an adjunct senior technical adviser with IST, pointed out that when a leader of a ransomware gang is arrested, another individual often steps in to take their place. Therefore, it is crucial for law enforcement to target different aspects of the ecosystem supporting ransomware attacks.

For instance, efforts to disrupt ransomware groups like LockBit and Qakbot have proven to be impactful in reducing cyber threats. Allan Liska, an intelligence analyst with Recorded Future, highlighted the importance of targeting entities early in the cyber attack chain to prevent further criminal activities.

Additionally, defenders need to address vulnerabilities in their infrastructure and processes to strengthen their defenses against ransomware attacks. Jason Kikta, another IST adjunct senior technical adviser, emphasized the need to tackle basic security issues to prevent attackers from exploiting known weaknesses.

The panel also shed light on the emergence of youth hackers who employ low-tech methods to carry out ransomware attacks. The “Com” online community, comprised of teenage hackers, has been involved in high-profile hacks targeting organizations like MGM and Caesars Entertainment. Rogers noted that these young hackers often use targeted social engineering tactics to breach victim organizations.

While law enforcement faces challenges in pursuing international perpetrators, there are opportunities to address domestic actors targeting local organizations. Efforts to intervene early and steer individuals away from criminal activities are crucial in preventing future cyber crimes. Bug bounty programs and initiatives to connect tech-savvy individuals with legitimate job opportunities were suggested as effective measures to combat ransomware attacks.

Overall, the panelists emphasized the importance of disrupting cyber criminals from multiple angles, aligning with recommendations from the IST Ransomware Task Force report. By targeting criminals’ IT infrastructure, cryptocurrency, and the criminals themselves, governments can work towards reducing the impact of ransomware attacks and enhancing cybersecurity measures.