BACKGROUND:
The US Dept. of Justice issued a news release: Ukrainian Arrested and Charged with Ransomware Attack on Kaseya – Justice Department Seizes $6.1 million Related to Alleged Ransomware Extortionists.
Release excerpts:
The Justice Department announced today recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States. An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company. The department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019.
According to the indictments, Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.
<p>Companies that perform risk assessments against well-established frameworks can find gaps, remediate them, and measure their maturity (increasing or decreasing) over time. The re-work of the CMMC framework should make it more accessible as well as strengthen its underpinnings by aligning it directly to NIST SP 800-171 and -172. Of course, risk assessments using any well-constructed framework are only as good as the people who use them, the resources they have, and the thoroughness of execution. These efforts are well geared towards finding the gaps in controls that allow ransomware to flourish and could make the difference for companies that will be targeted by other actors in the future.<br /><br />The private sector is extremely vulnerable to attacks such as ransomware and need to bolster protections, create backups and test recovery, and see if cyber insurance is an option.<br /><br />The Justice Department seems to have a big win on its hands especially with the recovery of stolen funds. This will keep criminal’s heads down and potentially mess with their holiday travel plans.</p>
<p>The identification and apprehension of cyber criminals is a win for international law enforcement, but they have a long way to go before the private sector can relax its cybersecurity posture. With the resources available today, the barrier to entry as a hacker is low. Hackers can inflict an order of magnitude more damage with a very lightweight footprint. As long as ransomes are paid, hackers will continue to strike. The private sector needs to ensure they continue to invest in high caliber cyber teams and proactively anticipate continued ransomware attacks as part of the cyber threat landscape.<br /><br />CMMC is a positive approach to pushing the industry to adopt policies and procedures that help harden networks, but it is nearly impossible to suggest CMMC will prevent attacks. Hackers continuously invent new approaches to existing defenses. In light of this, nothing can remain static, or it risks becoming ineffective over time. Organizations across all sectors need a cyber and infosec team that understands their unique business model, specific vulnerabilities, and continuously work to build and refine defenses against a persistent threat of hackers.</p>
<p>We have the tools and technology to find talent even in a tight labor market. We need to continue to invest in cyber professionals to ensure models like CMMC are thoughtfully implemented to the fullest extent.</p>