London Daily

Focus on the big picture.
Wednesday, Jul 15, 2026

Ransomware Attackers Up Ante as White House Vows Crack Down

Ransomware Attackers Up Ante as White House Vows Crack Down

A series of major cyber-attacks in recent weeks has underscored the brazenness of the attackers and the challenges of tackling the problem of ransomware, just as the Biden administration announced plans to take on the issue.

In a matter of days, attacks were revealed against the police department in Washington, D.C. , where the hackers threatened to release information about police informants to criminal gangs; the Illinois Attorney General’s office, which had been warned about weak cybersecurity practices in a recent state audit; and San Diego-based Scripps Health, where medical procedures were canceled and emergency patients diverted to other hospitals.

Then on Saturday, Colonial Pipeline confirmed that it had joined the list of recent ransomware victims in an attack that threatened to upend gasoline and diesel supplies on the East Coast. While few details about the attack are yet known, Colonial shut down the biggest gasoline pipeline in the U.S. as part of an effort to contain the threat.

“The recent ransomware attacks illustrate, by their number severity and range of targets, why we need to treat this problem on the level of a real national security threat both here and around the world,” said Christopher Painter, coordinator for cyber issues at the State Department under President Barack Obama. “Fortunately, people in our government are paying attention.”

The string of attacks came as the Biden administration has vowed to take on ransomware, which Department of Homeland Security Secretary Alejandro Mayorkas last week called “one of our most significant priorities right now.” His agency in March announced a 60-day sprint to address ransomware, and the Department of Justice has created its own ransomware task force.



Malicious Link

Ransomware is a type of malware -- often hidden in a phishing email or a malicious link -- that locks up a victim’s files, which the attackers promise to unlock for a ransom payment. More recently, ransomware groups have started stealing data and threatening to release it unless they are paid.

“It’s now a double-extortion scheme,” said Tyler Hudak, who handles incident response for the cybersecurity firm TrustedSec. “A lot of organizations will pay just to make sure their private data doesn’t get out.”

The scope of ransomware attacks is rapidly growing, with police departments, dental clinics, school districts and IT companies among the victims. Cybersecurity firm Emsisoft found that that almost 2,400 U.S. based governments, health-care facilities and schools were hit by ransomware in 2020.

A report released last month by a ransomware task force -- which included cybersecurity experts, government officials and academics -- said the amount paid by ransomware victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, according to report.

So far, in addition to singling out ransomware, the Biden administration has also vowed to bolster defenses of critical infrastructure, including the electrical grid. The hackers behind the Colonial Pipeline attack took aim at both priorities, though it’s not clear if that was intentional.

While the investigation is still underway, a ransomware group called DarkSide appears to be behind the attack, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future.



Double Extortion

DarkSide first surfaced in August 2020 and uses the ransomware-as-a-service model, according to a blog post from the cybersecurity firm Cybereason. DarkSide uses the double extortion method in which it not only encrypts a victim’s data but exfiltrates it and threatens to make it public unless the ransom is paid, according to Cybereason.

“DarkSide is observed being used against targets in English-speaking countries and appears to avoid targets in countries associated with former Soviet Bloc Nations,” according to the blog.

While ransomware is primarily a profit-seeking venture perpetuated by criminals, there are allegations of foreign governments enabling or engaging in the attacks. Last year, the U.S. issued a warning about North Korea cyber crimes, including ransomware, saying the regime was increasing relying on illicit activity to generate money for weapons. In announcing sanctions against Russia in April, the Treasury Department stated that Russian intelligence cultivates and co-opts hackers “enabling them to engage in disruptive ransomware attacks and phishing campaigns.”

What to know in techGet insights from reporters around the world in the Fully Charged newsletter.
A major challenge in cracking down on ransomware is that many of the hackers operate out of countries that are unable or unwilling to prosecute them, making it difficult for authorities in the U.S. or elsewhere to bring them justice, according to the task force report. The hackers insist that ransom payments are made in cryptocurrency, making them difficult to track. It’s also relatively easy and cheap to launch ransomware, since some gangs now sell versions of the malware with instructions and customer service, a sort of criminal variation of the “software-as-a-service” model.

Another confounding issue is that many victims pay the ransom, something the FBI warns against because it encourages the attackers to target more victims and offers an incentive for others to get involved.

The task force report, prepared by the Institute for Security and Technology, includes 48 actions the Biden administration and the private sector could pursue for tackling ransomware, including using diplomacy and law enforcement to discourage foreign governments from providing a safe haven for ransomware gangs and imposing tougher regulation on cryptocurrency.

Painter, who was part of the task force, said it was a “timely call to action.” He added that “this problem will only get worse if we don’t address it now in a comprehensive way.”

Hudak said the success of ransomware gangs depends on establishing a reputation. That’s one reason many of them, including DarkSide, create pages on the dark web showing which companies they have attacked and files they’ve released from victims that don’t pay, he said.

“We’re working an incident right now where DarkSide is involved,” Hudak said. “They do research on their victims. They’ll know much money they make, whether they have cyber insurance and what that insurance will pay.”

Newsletter

Related Articles

0:00
0:00
Close
Spain in Ecstasy: "We Feel Unbeatable, We Taught the Whole World a Lesson"
Spain and UK Dismantle Gibraltar Border Following Landmark Schengen Integration Treaty
Forget Tinder: The Surprising Platform Where People Find Love
UK Government Faces Growing Debate Over Local Control of Immigration Enforcement
UK Biodiversity Forum Highlights Business Need to Protect Natural Environment
UK Parliament to Consider Workplace Temperature Limits Amid Climate Concerns
UK Parliament Considers Independent Immigration Appeals Authority Proposal
BBC Charter Renewal Scrutiny Intensifies as Parliament Reviews Broadcaster’s Future
Parliament Reviews Future of UK Maternity and Neonatal Care Services
UK-India Trade Accelerator Launched to Help Smaller Firms Expand Into Indian Market
UK Business Leaders Meet in Edinburgh to Address Economic Risks From Biodiversity Loss
UK Parliament Prepares for Sir Keir Starmer’s Final Prime Minister’s Questions Before Leadership Transition
Green Party-Led Lewisham Council Moves Against Cooperation With Home Office Immigration Raids
UK Government Faces Parliamentary Pressure Over Capita Contracts in Shared Services Programme
UK Economy Expected to See Modest Growth as OECD Highlights Fiscal and Global Risks
Public Accounts Committee Warns UK Government’s Four Point Three Billion Pound Shared Services Plan Risks Failure
EU and UK Sign Agreement Removing Gibraltar Border Controls After Years of Post-Brexit Uncertainty
OECD Warns UK Must Maintain Fiscal Discipline as Andy Burnham Prepares to Become Prime Minister
UK-India Free Trade Agreement Enters Into Force as Businesses Seek New Growth Opportunities
Harvard Astrophysicist to Lead U.S. Scientific Advisory on Unidentified Aerial Phenomena
On the Island That Did Not Yield to Trump, There Is No Electricity, and 10 Million Live in Darkness
Emergency Sirens Activated Across Bahrain as Interior Ministry Issues Shelter Directives
Key Trends to Watch
United Nations Expert Calls for Full Implementation of Supreme Court Ruling on Legal Definition of Sex
Industry Coalition Urges Labour Lawmakers to Back Continued North Sea Oil and Gas Production
Parliamentary Committee Calls for Tougher Restrictions on Unhealthy Food Advertising
Government Expands Awaab's Law to Cover Heat and Additional Housing Hazards
Energy Regulator Opens Independent Investigation Into National Grid Operator
United Kingdom and European Union Sign Landmark Gibraltar Border Agreement
Chancellor Unveils Financial Services Reform and Artificial Intelligence Strategy at Mansion House
Counterterrorism Police Take Over Investigation Into Killing of Former Minister Ann Widdecombe
Beer Industry Warns UK Rules Could Limit Growth of Alcohol-Free Market
Home Office Faces Legal Challenges Over Asylum Seeker Accommodation Closures
UK Heatwaves Linked to More Than Two Thousand Seven Hundred Deaths as Climate Debate Intensifies
Home Secretary Faces Pressure Over Political Security After Ann Widdecombe Murder Investigation
United Kingdom Opens Trade Consultation With Indonesia, Philippines, United Arab Emirates and Uruguay
Robert Jenrick Joins Reform UK After Leaving Conservative Party Leadership Role
Counter-Terrorism Police Take Over Investigation into Murder of Former MP Ann Widdecombe
Andy Burnham Secures Strong Labour Backing in Race to Succeed Keir Starmer
Global Markets Slide as Middle East Conflict Escalation Sends Oil Prices Higher
UK Prime Minister Keir Starmer Offers Condolences Following Death of Qatar’s Father Amir
UK Regional Innovation Policy Focuses on Research Clusters Across Scotland, Wales, and Northern England
UK Corporate Transparency Rules Set to Become More Strict Under Modern Slavery Reform Plans
UK Civil Service Estate Strategy Shifts Government Activity Away From London
UK Strengthens National Security Powers Through New Threat Designations
Greater Manchester Police Conduct Drink and Drug Driving Operations After Football Events
UK Government Advances Darlington Economic Campus With Construction Milestone
UK Authorities Increase Football-Related Security Operations After Tournament Fixtures
UK Invests Fifty-One Million Pounds in National Cryogenics Facility and Regional Innovation Hubs
UK Moves Toward Tougher Modern Slavery Reporting Rules With Corporate Penalties
×