Security news that informs and inspires

International Cooperation Key to Ransomware Fight

SAN FRANCISCO--The fight against ransomware that has been going on for the better part of a decade now in enterprise and public sector networks has gained some quite powerful allies in recent years in the world’s most capable intelligence agencies, and their cooperative efforts are beginning to show some results.

In the United States, the National Security Agency has become deeply involved in the anti-ransomware efforts led mainly by the Cybersecurity and Infrastructure Security Agency and has partnered with the other Five Eyes intelligence organizations around the world to not only share information on attacks, but also tactics and strategies for stopping ransomware incidents before they have a chance to detonate.

“We all speak the same language, maybe with different accents, but it all comes together in a pretty well aligned way. It is broader than the five eyes nations, too, as we have a vested interest in other partner countries,” Rob Joyce, the director of cybersecurity at NSA, said during a panel discussion at the RSA Conference here Tuesday.

“I’ve seen ransomware prevented and disrupted through this. It’s important to share this broadly.”

In the space of just a couple of years, ransomware went from an expensive nuisance to a national security concern for many of the most powerful countries on earth. The U.S. has made the prevention of ransomware a top priority and also has devoted considerable financial and human resources to hunting down the cybercrime rings that run the ransomware ecosystem. That’s no small task, especially given the fact that many if not most of those crews operate from nations such as Russia and North Korea that are outside the reach of western law enforcement agencies. The Department of Justice has indicted multiple alleged ransomware operators and the FBI has aided in raids against others in Ukraine and other countries in recent years.

None of this occurs in a vacuum, though. Those operations require significant international cooperation at the highest levels, and the top cybersecurity officials in the U.S.’s closest allied countries have both aided in this process and benefited from it themselves.

“It’s extremely powerful to have these joint advisories, and we share common threats. We have critical infrastructure that shares both borders, so it’s extremely helpful when we share this stuff at this level,” said Sami Khoury, head of Canada’s Center for Cyber Security.

The cooperation of course goes well beyond ransomware and involves other cybersecurity threats, including cybercrime gangs and APT groups. The U.S. in the past has sanctioned some members of known cybercrime groups, and the U.K. recently did the same for the first time. In February, the two nations cooperated on sanctions against seven Russian nationals who are alleged members of the notorious Trickbot group.

“It’s incredibly important to tackle the criminals directly whenever possible and impose some cost on them,” said Felicity Oswald, the COO of the U.K.’s National Cyber Security Center.

“All governments have a responsibility to look after their neighbors as well as their own citizens. If we genuinely embraced the mix of minds in our communities and make sure we have everyone working together, we can be more secure.”