A Rare Win in the Cat-and-Mouse Game of Ransomware

While Emsisoft would not identify the victims, it said they had included key manufacturers, transportation companies and food suppliers across continental Europe, Britain and the United States.

The timeline of Emsisoft’s effort overlaps with BlackMatter’s ransomware assaults last month on two American agriculture organizations: NEW Cooperative, an Iowa grain cooperative, and Crystal Valley, a Minnesota farming supply cooperative. Both cooperatives recovered quickly, suggesting that Emsisoft might have helped. Neither company returned requests for comment.

Eric Goldstein, the executive assistant director for cybersecurity at the federal Cybersecurity and Infrastructure Security Agency, called the effort a model for public and private collaboration. The agency is trying to develop a comprehensive “whole of nation” plan to address cyberthreats, particularly for “critical infrastructure,” most of which is owned by the private sector.

CISA recently created the Joint Cyber Defense Collaborative, which teams government agencies with tech firms like Microsoft and Amazon, telecoms like AT&T and Verizon, and cybersecurity firms like CrowdStrike and Palo Alto Networks to address threats like ransomware.

The Emsisoft operation is one of a handful of recent victories, some cursory, over ransomware. In June, the Justice Department announced that it had clawed back $2.3 million of the $4.4 million in cryptocurrency that Colonial Pipeline paid BlackMatter. More recently, an operation run by several governments knocked REvil, a major Russian ransomware outfit, offline. The multigovernment effort was reported earlier by Reuters.

That effort followed several smaller victories against REvil last summer. The group, which is responsible for thousands of ransomware attacks, found itself in the government’s cross hairs after it pulled off a high-profile attack on JBS, one of the world’s biggest meatpacking operators, and Kaseya, a Miami software company. The group used Kaseya’s high-level access to its customers to hold hundreds of them hostage over this past Fourth of July holiday.

Be the first to comment

Leave a Reply

Your email address will not be published.


*