Recently, the REvil ransomware has caused a headache for the US government. The ransomware launched a supply chain ransomware attack through Kaseya, a developer of enterprise network management software.
As of the publication of this article, about 1,500 downstream companies have been attacked. Currently, law enforcement agencies such as the FBI and the US Department of Homeland Security are involved in the investigation.
Currently, no security company attributed REvil to the support of the Russian ransomware group or the Russian government.
However, a security company discovered that if the ransomware detects that the operating system is in Russian, it will not attack. Obviously, this is related to Russia or neighboring countries.
US President Joe Biden recently held a conference call with Russian President Putin. During the meeting, Joe Biden asked Putin to crack down on ransomware groups in Russia.
At present, a considerable part of the ransomware groups that pose a major threat are related to Russia, and there are relatively many hacker groups in Russia.
The White House also mentioned in the press release that the U.S. government will establish regular communication with the Russian government, etc., in order to be able to better cooperate in combating threatening ransomware.
Joe Biden stated clearly to President Putin that even if this ransomware is not supported by the Russian government, the Russian government has the obligation to combat threats within its borders.
To this end, the US government will provide necessary ransomware investigation information to the Russian government so that Russian law enforcement agencies can directly arrest domestic criminal gangs.
In the briefing on the policy agenda of the Joe Biden administration, the White House press secretary also added that if the Russian government does not take action, the United States will take action on its own.
However, it is clear that US law enforcement agencies cannot enforce the law in Russia, so even if it can be attributed to specific ransomware groups, how to act is a problem.
This is also the reason why Joe Biden communicated with Putin, but in addition to law enforcement in Russia, US law enforcement agencies do have some ways to act.
For example, when the real identity information of the ransomware developer is confirmed, it will be notified to Interpol, and the developer may be intercepted at the port when the developer leaves the territory of Russia.
It’s just that this law enforcement process can be very troublesome and there is no way if the developer hides in Russia, so the US government may take other actions.
The action here specifically refers to which the US government has not stated clearly, but hopes that the two sides will not attack each other via ransomware, otherwise the enterprises will become victims.