
Cybersecurity experts, US government going after ransomware groups

October 25, 2021 (June 9th, 2022)

Cybercriminals have expanded their targets and have, in the past few months, increasingly targeted critical infrastructure with an aim to cause maximum damage and extort as much money from their victims as possible.

The past year alone has seen a huge surge in ransomware attacks targeting industries such as law enforcement agencies, pipelines, water treatment plants, health care providers and veterinary practices.

Emsisoft vs. DarkSide ransomware group

Now the US government and private cybersecurity experts are fighting back against the cybercriminal groups behind these attacks. Researchers at Emsisoft were among the first to go after ransomware groups, denying them millions of dollars in payments from potential victims.

The Emsisoft fightback started late last summer when DarkSide reemerged as BlackMatter after their Colonial Pipeline ransomware attack shut down nearly half of the East Coast’s fuel supply. The cybercriminals, however, failed to update their ransomware properly, which left a flaw in the ransomware that Emsisoft researchers were able to exploit to decrypt files and return access to the data’s rightful owners.

The researchers then tracked down potential victims of the BlackMatter ransomware attack and gave them access to the decryptors.

The Emsisoft advantage was short-lived: the cybercriminal group got wind of the exploit, patched their ransomware and continued their attacks on other victims. The effort did, however, end up costing the ransomware group millions of dollars in payments.

The US government vs. various ransomware groups

The US government has made significant strides towards eliminating ransomware attacks targeting businesses, government institutions, critical infrastructures, healthcare services, and veterinary practices.

In one of the biggest responses from the government this year, the US government was able to recover $2.3 million of the $4.4 million that Colonial Pipeline paid to BlackMatter after their systems were attacked. The June ransom recovery was announced by the Justice Department as a win against the rampant attacks that had plagued the US at the time and had resulted in millions of dollars in losses.

The ransom recovery was then followed by coordinated efforts between the US government and other countries, resulting in REvil being knocked offline after their high-profile JBS attack, which had resulted in an $11 million ransom payment to the cybercriminal group.

To gain a better understanding of the financial muscle that ransomware attacks have given cybercriminal groups, the US government, through the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC), has kept track of the amounts paid to ransomware groups. In the latest report examining those payments, FinCEN and OFAC announced that the top 10 ransomware groups have received over $5 billion in cryptocurrency from ransomware attacks.

The report also offered a perspective on the increasing threat of ransomware attacks, with almost $600 million in ransom paid in the first half of 2021.

Significance of the response to veterinary practices

The response of cybersecurity firms and the US government to ransomware attacks has had an immediate impact on veterinary practices, which have come under constant attack from ransomware groups. With the rise of ransomware-as-a-service (RaaS) operators that have shown their willingness to attack small and medium-sized veterinary practices, many practice owners have found themselves in the crosshairs of cybercriminals looking to extort money from them.

The knocking down of REvil’s online presence, the ability to recover money paid to ransomware groups and the decryptors released by third-party cybersecurity firms such as Emsisoft have slightly slowed the growth of the RaaS industry and resulted in fewer attacks against veterinary practices. They have also resulted in millions in losses for ransomware groups, which had already made $590 million in the first 6 months of 2021.

Response from ransomware groups

The response by the US government against ransomware groups has long irked some of the most destructive ransomware hackers in the world, but it is the takedown of the REvil ransomware group last week that seems to have driven them to the edge, resulting in these groups coming together and responding to the US.

In joint statements posted by several ransomware groups, they defended their practice and called out the US for its continued interference with their day-to-day ransomware attacks in the US and around the world. The lengthy anti-US tirade included a vow by most of these cybercriminal groups, including Conti, which is notorious for ransomware attacks on hospitals and veterinary practices, that they will not be deterred by the US action and will continue their ransomware attacks.

The Conti ransomware group even went as far as calling the US a unilateral extraterritorial bandit that gets involved in matters that do not concern it, and declared themselves the actual victims.

The general consensus among the ransomware groups was that the US involvement in stopping them was illegal and that they should be allowed to operate undisturbed.

It is evident that the US involvement has left many cybercriminals nervous about what will come next, and as veterinary practices, the only hope we can have is that there will be a permanent solution that eliminates ransomware attacks; otherwise we may pay dearly in the future.