Fraud Management & Cybercrime , Ransomware
White House Slams Russia Over Ransomware's Healthcare Hits
UN Members Urge Better Critical Infrastructure Resilience to Counter ThreatsRansomware is a public health crisis and not just a cybersecurity problem, stressed a Biden administration official during a Friday briefing to the United Nations Security Council in which she also upbraided Russia for harboring cybercriminals.
See Also: Live Webinar | Crack the Code on Ransomware: Empowering Your Last Line of Defense
A Friday joint statement signed by 54 UN member states calls on all of the UN members "to collectively work together to strengthen the cybersecurity and resilience of our critical infrastructure and work to confront and disrupt the ransomware threat," especially for healthcare and emergency services.
"The increasing threat of ransomware is detrimental to all of us," the countries said.
Speaking during a Security Council briefing on ransomware attacks against the healthcare sector, Anne Neuberger, deputy national security adviser at the White House, accused Russia of allowing "ransomware actors to operate from their territory with impunity, even after they have been asked to rein it in."
Major attacks on healthcare, as well as new ransomware variants and associated cybercrime services, all have a nexus with Russia. "Last year, BlackCat and LockBit accounted for more than 30% of claimed healthcare ransomware attacks worldwide," she said. "In 2024, among other attacks, LockBit claimed credit for a cyberattack on Croatia's largest hospital and published confidential data on patients stolen from a French hospital system."
The tempo of ransomware attacks is increasing. The FBI counted 249 ransomware attacks against the U.S. healthcare sector in 2023 and 191 such attacks just in the first half of this year (see: Feds Warn Health Sector of an Array of Cyberthreats).
"U.S. hospitals have delayed medical procedures, disrupted patient care because of multiweek outages, diverted patients to other facilities, rescheduled medical appointments, and strained acute care provisioning and capacity as a result of ransomware attacks," said the U.S. Office of the Director of National Intelligence. The actual number of attacks is undoubtedly much higher than what's being reported to law enforcement.
In 2021, the Biden administration announced that it was tackling ransomware on three fronts: working to boost the cyber resilience of American organizations, such as by honing defenses and incident response capabilities; treating ransomware as a national security threat and marshalling law enforcement to better pursue and disrupt the individuals and groups involved; and using diplomacy to try and dismantle the "safe havens" from which so many of them continued to operate.
Arguably, the first two parts of that strategy produced results through efforts such as the Counter Ransomware Initiative, which counts dozens of states as members. In addition, 41 nations so far have pledged that they - and their government agencies - will never pay any ransom. Coordinated international law enforcement operations continue to arrest cybercrime practitioners, and to disrupt infrastructure and "name and shame" practitioners beyond their reach.
Arresting Russian suspects remains challenging, not least since Russian President Vladimir Putin in February 2022 launched a war of conquest against Ukraine. Unless suspects take an ill-advised vacation - and surprisingly, some continue to do so - they remain beyond the reach of Western law enforcement.
Deniable Asset
Despite facing repeat diplomatic call-outs, Putin's regime seems to treat domestic ransomware practitioners as a denial asset. Multiple rules apply: don't attack Russia - or its allies; do favors for the intelligence services upon request; don't hit Western targets in a way that provokes a high-level diplomatic response. Thus far, the red lines appear to involve critical national infrastructure on the order of Ireland's health service or a major U.S. gasoline pipeline.
Otherwise, it's open season on the likes of hospital groups, blood suppliers and pathology services, not just thanks to criminal miscreants who will gamble with people's lives to turn a profit, but for officials who seek to spread chaos and undermine people's trust in their leaders (see: Russian Trolls 'Spread Vaccine Misinformation' Online).
Experts say that such tactics have long been part of the information warfare or "active measures" 4D campaigns - dismiss, distort, distract and dismay - practiced in Moscow.
Ahead of Donald Trump taking office on Jan. 20, 2025, open questions remain about the extent to which he might - or might not - call out Putin, to what degree anti-ransomware initiatives will factor into his domestic and foreign policy agendas, and if Russians will collectively bother changing their tactics.
Even if the U.S. absents itself from continuing to take an active leadership role in combating cybercrime, other countries may carry on and continue to work with the FBI and Department of Justice (see: Combating Cybercrime: What to Expect From Trump Presidency?).