Ransomware Attacks Prompting Global Response – Mandiant CEO


Enough is enough. Head of security firm says organisations and governments now going on offensive against ransomware operators

Businesses and governments are now actively seeking out cyberthreats, driven by the spate of crippling ransomware attacks in the last couple of years.

This is according to Mandiant CEO Kevin Mandia, who pointed out that the industry is beginning to see a co-ordinated national and international response to cyberthreats because of the ransomware threat.

Just before Christmas, Sainsbury’s acknowledged it was one of the businesses hit by a ransomware attack on a major US provider of cloud payroll systems. The supermarket chain reportedly lost a week’s worth of data for its 150,000 UK employees.


Offensive action

Mandiant CEO Kevin Mandia made the comments during a session on cybersecurity at CNBC’s recent Technology Executive Council (TEC) Summit in New York.

“I think more people are taking advantage of the United States – and our openness and our true global workforce – than in any other nation,” said Mandia.

And rather than simply bolstering traditional defenses such as firewalls and waiting to be the next potential victim of a cyber assault, companies are beginning to take a more proactive approach to security, it seems.

Indeed, they are reportedly going on the offensive, actively seeking out cyber threats and disabling them before they can wreak havoc on systems and networks.

It seems that the tidal wave of ransomware attacks in the past couple of years is acting as a major driver for going on the offensive.

CNBC pointed to an August 2021 report from research firm International Data Corp, which showed that more than one-third of organisations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months.

Weary of the ongoing assaults, organisations are said to be fighting back.

REvil takedown

“What you’re starting to see is a coordinated national response – maybe even a coordinated international response – because [of] ransomware,” Mandia was quoted as saying. “Quite frankly everybody hates it except for people doing it and the people harbouring those who do it.”

The CNBC report cited the example of the multi-country operation to take down the notorious hacking gang REvil in October this year.

The Russia-based gang was responsible for a ransomware attack on Colonial Pipeline in May that led to widespread fuel shortages on the US East Coast, as well as the July compromise of Florida-based software management company Kaseya that allowed it to hack hundreds of Kaseya customers around the world.

In April REvil also hacked Apple assembler Quanta Computer and stole engineering schematics for unreleased products, including designs for the 2021 MacBook Pro, releasing them to the public after failing to blackmail Quanta or Apple for tens of millions of pounds.

The gang also disrupted the systems of meatpacker JBS and many other high-profile targets.

Following the attack on Kaseya, the FBI faced heavy criticism after it revealed that it had obtained a universal decryption key that could have aided those affected by the attack, but chose not to release it as it was preparing an operation against the gang.

Positive development

While it’s uncertain exactly how REvil was taken out of commission, the collaboration by multiple entities is a positive development in the effort to minimise or eliminate threats, Mandia reportedly said.

With ransomware becoming a national security issue as well as a criminal one, the US needs to consider bringing military assets to bear in the fight to stop these attacks, he said.

“We can do a lot of different things rather than just constantly making it a clean-up on aisle nine after the crime,” he said. Military action “doesn’t mean drone strikes, it means proportional response” to the attacks, he added. That can only happen when the sources of the attack are identified.

A strong step would be the creation of a national “doctrine” that states how the US will deal with creators of ransomware and other cyber threats, as well as the nations that harbor them, Mandia said.

“There could be some vagueness to that doctrine, but people need to know that the nation is going to have a coordinated response” to attacks, he said. “There comes a time where you just can’t stand there and take it anymore.”

In July President Joe Biden sent one of his strongest signals yet to his opposite numbers in Russia and China, when he said ongoing cyberattacks could cause a ‘real shooting war’ with a ‘major power’.

This issue was raised during face-to-face talks between US President Joe Biden and Vladimir Putin in June.

Ever since 2011 the United States has said it reserves the right to retaliate with military force against a cyber attack from a hostile state.

And the British could be following suit.

In March this year, the UK government’s ‘Integrated Defence Review’ included a small but noteworthy change for the justification of use of the British nuclear arsenal, including attacks on ‘emerging technologies.’