The FBI is seeing progress in the fight against ransomware gangs after conducting more than 30 disruption operations this year in which officials targeted the infrastructure used by those groups, one of the bureau’s top cybersecurity officials said Wednesday.

Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, said during CyberScoop’s CyberTalks event that disruption operations against ransomware gangs have in some cases stopped gangs from further targeting the U.S.. Ransomware gangs often operate in safe harbor countries like Russia, where there is little hope for extraction to the U.S.

“The FBI emphasizes key services in our disruptions of ransomware groups, targeting the essential services that criminals rely on to conduct their attacks,” Kaiser said.

Ransomware attacks still represent a major national security concern, particularly to critical infrastructure. A recent report found that ransomware attacks are causing an increase in emergency patient care.

While the Justice Department continues to name and shame individuals who are not likely to be extradited, targeting the infrastructure of the criminal operations has become another major strategy to curb cyberattacks.

During “Operation Cronos” in February, the FBI, the U.K.’s National Crime Agency and other international partners went after the notorious LockBit ransomware gang by seizing servers and disrupting other infrastructure. Authorities were also able to gain access to thousands of decryption keys for potential victim remediation efforts.

“The groups had to take a long time to re-establish infrastructure in order to continue operations,” Kaiser said. “Sometimes this means that we’ve seen them stop targeting the U.S. altogether.”

Kaiser also noted that the FBI and international allies have saved businesses more than $800 million in recent years through ransomware recovery efforts and additional services.

Even so, the FBI’s Internet Crime Complaint Center still sees a “high” number of ransomware attacks, she said. But business models are changing, Kaiser noted, citing ransomware variants that are more focused on data theft than file encryption attacks of old. 
Microsoft researchers reported earlier this month that they have seen fewer ransomware attacks in recent years that made it to the encryption stage.

The post FBI has conducted more than 30 disruption operations in 2024  appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Chinese hackers turn to AI to meddle in elections

April 5, 2024 0 Comments 0 tags

Hacking groups linked to the Chinese government are increasingly turning to deepfakes and other forms of AI-generated content when seeking to interfere in foreign elections, according to new research from

Read More

Treasury Sanctions Creators of 911 S5 Proxy Botnet

May 28, 2024 0 Comments 0 tags

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and

Read More

Fortinet Releases Security Updates for FortiOS 

June 11, 2024 0 Comments 0 tags

Fortinet has released security updates to address a vulnerability in FortiOS. A cyber threat actor could exploit this vulnerability to take control of an affected system.    Users and administrators are

Read More