Britain Wants to Use Its New Cyber Command to ‘Hunt’ Ransomware Gangs

The United Kingdom needs to make use of a lately fashioned cyber command to “hunt” and hack ransomware gangs, a high-level authorities official lately revealed.

Jeremy Fleming, the director of Britain’s alerts intelligence company, GCHQ, divulged the plans at this yr’s US Cipher Brief threat conference on Monday. Fleming mentioned that Britain had seen a major uptick in ransomware assaults and that the federal government was trying to make use of offensive operations to discourage future assaults.

Operations of this sort would possible contain the federal government utilizing its personal exploits to focus on and disable servers operated by legal gangs, the Financial Times reports. The UK’s National Cyber Force—a brand new unified command, created final yr—can be the vector for such actions.

In his feedback, Fleming insinuated that governments merely had not completed sufficient to impose prices on underworld operators.

“The reason it [ransomware] is proliferating is because it works . . . criminals are making very good money from it and are often feeling that [it’s] largely uncontested,” he mentioned. “I’m pretty clear from an international law perspective and certainly from our domestic law perspective you can go after [criminal actors],” he added.

News of the UK’s plans to “hack the hackers” comes solely a couple of week after Reuters first reported that the U.S. had performed an operation of its personal alongside these strains. According to the outlet, the FBI and varied companions lately labored collectively to hack the servers of REvil—a outstanding ransomware gang that has been linked to a number of the greatest assaults on U.S. firms. REvil mysteriously disappeared in July, not lengthy after conducting a gargantuan assault on software program firm Kaseya. At the time, it wasn’t clear what had occurred to the criminals—and a few speculated that the gang had deliberately shut down its personal operations. However, Reuters reports that, in actuality, the gang had its community infrastructure hacked by legislation enforcement and a few of its servers had been co-opted.

The information that the U.S. and the UK are engaged in such actions appears to sign a brand new part of legislation enforcement ways in combatting cybercrime—one through which governments extra actively and overtly pursue cybercriminals fairly than simply clear up their mess.

Oleg Skulkin, DFIR Lab deputy head with cybersecurity agency Group-IB, advised Gizmodo in an e mail that the operation towards REvil isn’t the primary time that the U.S. has labored to disrupt a cybercrime group.

“There have been reports about such operations earlier,” Skulkin mentioned. “Last year, the U.S. Cyber Command carried out an operation in parallel with private sector players to take down the infamous TrickBot botnet ahead of the Election Day to prevent it from being used to launch attacks on IT systems supporting the election process.”

However, Allan Liska, Senior Security Architect with Recorded Future, advised Gizmodo that the latest FBI operation towards REvil would look like an escalation of what the U.S. is keen to do to go after ransomware operators.

“While this is not the first time that law enforcement has seized ransomware actor’s infrastructure it does appear to be the first time they have used CNA (computer network attack) methods (at least that has been publicly reported),” Liska mentioned. “This is the next logical progression and a sign that law enforcement is taking the ransomware threat seriously.”