London Daily

Focus on the big picture.
Thursday, Sep 04, 2025

Ransomware Attackers Up Ante as White House Vows Crack Down

Ransomware Attackers Up Ante as White House Vows Crack Down

A series of major cyber-attacks in recent weeks has underscored the brazenness of the attackers and the challenges of tackling the problem of ransomware, just as the Biden administration announced plans to take on the issue.

In a matter of days, attacks were revealed against the police department in Washington, D.C. , where the hackers threatened to release information about police informants to criminal gangs; the Illinois Attorney General’s office, which had been warned about weak cybersecurity practices in a recent state audit; and San Diego-based Scripps Health, where medical procedures were canceled and emergency patients diverted to other hospitals.

Then on Saturday, Colonial Pipeline confirmed that it had joined the list of recent ransomware victims in an attack that threatened to upend gasoline and diesel supplies on the East Coast. While few details about the attack are yet known, Colonial shut down the biggest gasoline pipeline in the U.S. as part of an effort to contain the threat.

“The recent ransomware attacks illustrate, by their number severity and range of targets, why we need to treat this problem on the level of a real national security threat both here and around the world,” said Christopher Painter, coordinator for cyber issues at the State Department under President Barack Obama. “Fortunately, people in our government are paying attention.”

The string of attacks came as the Biden administration has vowed to take on ransomware, which Department of Homeland Security Secretary Alejandro Mayorkas last week called “one of our most significant priorities right now.” His agency in March announced a 60-day sprint to address ransomware, and the Department of Justice has created its own ransomware task force.



Malicious Link

Ransomware is a type of malware -- often hidden in a phishing email or a malicious link -- that locks up a victim’s files, which the attackers promise to unlock for a ransom payment. More recently, ransomware groups have started stealing data and threatening to release it unless they are paid.

“It’s now a double-extortion scheme,” said Tyler Hudak, who handles incident response for the cybersecurity firm TrustedSec. “A lot of organizations will pay just to make sure their private data doesn’t get out.”

The scope of ransomware attacks is rapidly growing, with police departments, dental clinics, school districts and IT companies among the victims. Cybersecurity firm Emsisoft found that that almost 2,400 U.S. based governments, health-care facilities and schools were hit by ransomware in 2020.

A report released last month by a ransomware task force -- which included cybersecurity experts, government officials and academics -- said the amount paid by ransomware victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, according to report.

So far, in addition to singling out ransomware, the Biden administration has also vowed to bolster defenses of critical infrastructure, including the electrical grid. The hackers behind the Colonial Pipeline attack took aim at both priorities, though it’s not clear if that was intentional.

While the investigation is still underway, a ransomware group called DarkSide appears to be behind the attack, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future.



Double Extortion

DarkSide first surfaced in August 2020 and uses the ransomware-as-a-service model, according to a blog post from the cybersecurity firm Cybereason. DarkSide uses the double extortion method in which it not only encrypts a victim’s data but exfiltrates it and threatens to make it public unless the ransom is paid, according to Cybereason.

“DarkSide is observed being used against targets in English-speaking countries and appears to avoid targets in countries associated with former Soviet Bloc Nations,” according to the blog.

While ransomware is primarily a profit-seeking venture perpetuated by criminals, there are allegations of foreign governments enabling or engaging in the attacks. Last year, the U.S. issued a warning about North Korea cyber crimes, including ransomware, saying the regime was increasing relying on illicit activity to generate money for weapons. In announcing sanctions against Russia in April, the Treasury Department stated that Russian intelligence cultivates and co-opts hackers “enabling them to engage in disruptive ransomware attacks and phishing campaigns.”

What to know in techGet insights from reporters around the world in the Fully Charged newsletter.
A major challenge in cracking down on ransomware is that many of the hackers operate out of countries that are unable or unwilling to prosecute them, making it difficult for authorities in the U.S. or elsewhere to bring them justice, according to the task force report. The hackers insist that ransom payments are made in cryptocurrency, making them difficult to track. It’s also relatively easy and cheap to launch ransomware, since some gangs now sell versions of the malware with instructions and customer service, a sort of criminal variation of the “software-as-a-service” model.

Another confounding issue is that many victims pay the ransom, something the FBI warns against because it encourages the attackers to target more victims and offers an incentive for others to get involved.

The task force report, prepared by the Institute for Security and Technology, includes 48 actions the Biden administration and the private sector could pursue for tackling ransomware, including using diplomacy and law enforcement to discourage foreign governments from providing a safe haven for ransomware gangs and imposing tougher regulation on cryptocurrency.

Painter, who was part of the task force, said it was a “timely call to action.” He added that “this problem will only get worse if we don’t address it now in a comprehensive way.”

Hudak said the success of ransomware gangs depends on establishing a reputation. That’s one reason many of them, including DarkSide, create pages on the dark web showing which companies they have attacked and files they’ve released from victims that don’t pay, he said.

“We’re working an incident right now where DarkSide is involved,” Hudak said. “They do research on their victims. They’ll know much money they make, whether they have cyber insurance and what that insurance will pay.”

Newsletter

Related Articles

0:00
0:00
Close
Putin Celebrates ‘Unprecedentedly High’ Ties with China as Gazprom Seals Power of Siberia-2 Deal
China Unveils New Weapons in Grand Military Parade as Xi Hosts Putin and Kim
Queen Camilla’s Teenage Courage: Fended Off Attempted Assault on London Train, New Biography Reveals
Scottish Brothers Set Record in Historic Pacific Row
Rapper Cardi B Cleared of Liability in Los Angeles Civil Assault Trial
Google Avoids Break-Up in U.S. Antitrust Case as Stocks Rise
Couple celebrates 80th wedding anniversary at assisted living facility in Lancaster
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
The White House on LinkedIn Has Changed Their Profile Picture to Donald Trump
"Insulted the Prophet Muhammad": Woman Burned Alive by Angry Mob in Niger State, Nigeria
Trump Responds to Death Rumors – Announces 'Missile City'
Court of Appeal Allows Asylum Seekers to Remain at Essex Hotel Amid Local Tax Boycott Threats
Germany in Turmoil: Ukrainian Teenage Girl Pushed to Death by Illegal Iraqi Migrant
United Krack down on human rights: Graham Linehan Arrested at Heathrow Over Three X Posts, Hospitalised, Released on Bail with Posting Ban
Asian and Middle Eastern Investors Avoid US Markets
Ray Dalio Warns of US Shift to Autocracy
Eurozone Inflation Rises to 2.1% in August
Russia and China Sign New Gas Pipeline Deal
China's Robotics Industry Fuels Export Surge
Suntory Chairman Resigns After Police Probe
Gold Price Hits New All-Time Record
Von der Leyen's Plane Hit by Suspected Russian GPS Interference in an Incident Believed to Be Caused by Russia or by Pro-Peace or by Anti-Corruption European Activists
UK Fintechs Explore Buying US Banks
Greece Suspends 5% of Schools as Birth Rate Drops
Apollo to Launch $5 Billion Sports Investment Vehicle
Bolsonaro Trial Nears Close Amid US-Brazil Tension
European Banks Push for Lower Cross-Border Barriers
Poland's Offshore Wind Sector Attracts Investors
Nvidia Reveals: Two Mystery Customers Account for About 40% of Revenue
Woody Allen: "I Would Be Happy to Direct Trump Again in a Film"
Pickles are the latest craze among Generation Z in the United States.
Deadline Day Delivers Record £125m Isak Move and Donnarumma to City
Nestlé Removes CEO Laurent Freixe Following Undisclosed Relationship with Subordinate
Giuliani Seriously Injured in Accident – Trump to Award Him the Presidential Medal of Freedom
EU is getting aggressive: Four AfD Candidates Die Unexpectedly Ahead of North Rhine-Westphalia Local Elections
Lula and Putin Hold Strategic BRICS Discussions Ahead of Trump–Putin Summit
WhatsApp is rolling out a feature that looks a lot like Telegram.
Investigations Reveal Rise in ‘Sex-for-Rent’ Listings Across Canada Exploiting Vulnerable Tenants
Chinese and Indian Leaders Pursue Amity Amid Global Shifts
European Union Plans for Ukraine Deployment
ECB Warns Against Inflation Complacency
Concerns Over North Cyprus Casino Development
Shipping Companies Look Beyond Chinese Finance
Rural Exodus Fueling European Wildfires
China Hosts Major Security Meeting
Chinese Police Successfully Recover Family's Savings from Livestream Purchases
Germany Marks a Decade Since Migrant Wave with Divisions, Success Stories, and Political Shifts
Liverpool Defeat Arsenal 1–0 with Szoboszlai Free-Kick to Stay Top of Premier League
Prince Harry and King Charles to Meet in First Reunion After 20 Months
Chinese Stock Market Rally Fueled by Domestic Investors
×