London Daily

Focus on the big picture.
Tuesday, Sep 16, 2025

Ransomware Attackers Up Ante as White House Vows Crack Down

Ransomware Attackers Up Ante as White House Vows Crack Down

A series of major cyber-attacks in recent weeks has underscored the brazenness of the attackers and the challenges of tackling the problem of ransomware, just as the Biden administration announced plans to take on the issue.

In a matter of days, attacks were revealed against the police department in Washington, D.C. , where the hackers threatened to release information about police informants to criminal gangs; the Illinois Attorney General’s office, which had been warned about weak cybersecurity practices in a recent state audit; and San Diego-based Scripps Health, where medical procedures were canceled and emergency patients diverted to other hospitals.

Then on Saturday, Colonial Pipeline confirmed that it had joined the list of recent ransomware victims in an attack that threatened to upend gasoline and diesel supplies on the East Coast. While few details about the attack are yet known, Colonial shut down the biggest gasoline pipeline in the U.S. as part of an effort to contain the threat.

“The recent ransomware attacks illustrate, by their number severity and range of targets, why we need to treat this problem on the level of a real national security threat both here and around the world,” said Christopher Painter, coordinator for cyber issues at the State Department under President Barack Obama. “Fortunately, people in our government are paying attention.”

The string of attacks came as the Biden administration has vowed to take on ransomware, which Department of Homeland Security Secretary Alejandro Mayorkas last week called “one of our most significant priorities right now.” His agency in March announced a 60-day sprint to address ransomware, and the Department of Justice has created its own ransomware task force.



Malicious Link

Ransomware is a type of malware -- often hidden in a phishing email or a malicious link -- that locks up a victim’s files, which the attackers promise to unlock for a ransom payment. More recently, ransomware groups have started stealing data and threatening to release it unless they are paid.

“It’s now a double-extortion scheme,” said Tyler Hudak, who handles incident response for the cybersecurity firm TrustedSec. “A lot of organizations will pay just to make sure their private data doesn’t get out.”

The scope of ransomware attacks is rapidly growing, with police departments, dental clinics, school districts and IT companies among the victims. Cybersecurity firm Emsisoft found that that almost 2,400 U.S. based governments, health-care facilities and schools were hit by ransomware in 2020.

A report released last month by a ransomware task force -- which included cybersecurity experts, government officials and academics -- said the amount paid by ransomware victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, according to report.

So far, in addition to singling out ransomware, the Biden administration has also vowed to bolster defenses of critical infrastructure, including the electrical grid. The hackers behind the Colonial Pipeline attack took aim at both priorities, though it’s not clear if that was intentional.

While the investigation is still underway, a ransomware group called DarkSide appears to be behind the attack, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future.



Double Extortion

DarkSide first surfaced in August 2020 and uses the ransomware-as-a-service model, according to a blog post from the cybersecurity firm Cybereason. DarkSide uses the double extortion method in which it not only encrypts a victim’s data but exfiltrates it and threatens to make it public unless the ransom is paid, according to Cybereason.

“DarkSide is observed being used against targets in English-speaking countries and appears to avoid targets in countries associated with former Soviet Bloc Nations,” according to the blog.

While ransomware is primarily a profit-seeking venture perpetuated by criminals, there are allegations of foreign governments enabling or engaging in the attacks. Last year, the U.S. issued a warning about North Korea cyber crimes, including ransomware, saying the regime was increasing relying on illicit activity to generate money for weapons. In announcing sanctions against Russia in April, the Treasury Department stated that Russian intelligence cultivates and co-opts hackers “enabling them to engage in disruptive ransomware attacks and phishing campaigns.”

What to know in techGet insights from reporters around the world in the Fully Charged newsletter.
A major challenge in cracking down on ransomware is that many of the hackers operate out of countries that are unable or unwilling to prosecute them, making it difficult for authorities in the U.S. or elsewhere to bring them justice, according to the task force report. The hackers insist that ransom payments are made in cryptocurrency, making them difficult to track. It’s also relatively easy and cheap to launch ransomware, since some gangs now sell versions of the malware with instructions and customer service, a sort of criminal variation of the “software-as-a-service” model.

Another confounding issue is that many victims pay the ransom, something the FBI warns against because it encourages the attackers to target more victims and offers an incentive for others to get involved.

The task force report, prepared by the Institute for Security and Technology, includes 48 actions the Biden administration and the private sector could pursue for tackling ransomware, including using diplomacy and law enforcement to discourage foreign governments from providing a safe haven for ransomware gangs and imposing tougher regulation on cryptocurrency.

Painter, who was part of the task force, said it was a “timely call to action.” He added that “this problem will only get worse if we don’t address it now in a comprehensive way.”

Hudak said the success of ransomware gangs depends on establishing a reputation. That’s one reason many of them, including DarkSide, create pages on the dark web showing which companies they have attacked and files they’ve released from victims that don’t pay, he said.

“We’re working an incident right now where DarkSide is involved,” Hudak said. “They do research on their victims. They’ll know much money they make, whether they have cyber insurance and what that insurance will pay.”

Newsletter

Related Articles

0:00
0:00
Close
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
Tens of Thousands of Young Chinese Get Up Every Morning and Go to Work Where They Do Nothing
The New Life of Novak Djokovic
The German Owner of Politico Mathias Döpfner Eyes Further U.S. Media Expansion After Axel Springer Restructuring
Suspect Arrested: Utah Man in Custody for Charlie Kirk’s Fatal Shooting
In a politically motivated trial: Bolsonaro Sentenced to 27 Years for Plotting Coup After 2022 Defeat
German police raid AfD lawmaker’s offices in inquiry over Chinese payments
Turkish authorities seize leading broadcaster amid fraud and tax investigation
Volkswagen launches aggressive strategy to fend off Chinese challenge in Europe’s EV market
ChatGPT CEO signals policy to alert authorities over suicidal youth after teen’s death
The British legal mafia hit back: Banksy mural of judge beating protester is scrubbed from London court
Surpassing Musk: Larry Ellison becomes the richest man in the world
Embarrassment for Starmer: He fired the ambassador photographed on Epstein’s 'pedophile island'
Manhunt after 'skilled sniper' shot Charlie Kirk. Footage: Suspect running on rooftop during panic
Effective Protest Results: Nepal’s Prime Minister Resigns as Youth-Led Unrest Shakes the Nation
Qatari prime minister says Netanyahu ‘killed any hope’ for Israeli hostages
King Charles and Prince Harry Share First In-Person Moment in 19 Months
Starmer Establishes Economic ‘Budget Board’ to Centralise Policy and Rebuild Business Trust
France Erupts in Mass ‘Block Everything’ Protests on New PM’s First Day
Poland Shoots Down Russian Drones in Airspace Violation During Ukraine Attack
Brazilian police say ex-President Bolsonaro had planned to flee to Argentina seeking asylum
Trinidad Leader Applauds U.S. Naval Strike and Advocates Forceful Action Against Traffickers
Kim Jong Un Oversees Final Test of New High-Thrust Solid-Fuel Rocket Engine
Apple Introduces Ultra-Thin iPhone Air, Enhanced 17 Series and New Health-Focused Wearables
Macron Appoints Sébastien Lecornu as Prime Minister Amid Budget Crisis and Political Turmoil
Supreme Court temporarily allows Trump to pause billions in foreign aid
Charlie Sheen says his father, Martin Sheen, turned him in to the police: 'The greatest betrayal possible'
Vatican hosts first Catholic LGBTQ pilgrimage
Apple Unveils iPhone 17 Series, iPhone Air, Apple Watch 11 and More at 'Awe Dropping' Event
×