[BreachExchange] US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Feb 23 09:52:46 EST 2022


https://www.msn.com/en-us/news/world/us-officials-tell-businesses-to-watch-for-potential-ransomware-attacks-after-biden-announces-russia-sanctions/ar-AAUbrCn

Minutes after President Joe Biden announced new sanctions on Russian banks
and elites on Tuesday, a senior FBI cyber official asked US businesses and
local governments to be mindful of the potential for ransomware attacks as
the crisis between the Kremlin and Ukraine deepens.

Russia is a "permissive operating environment" for cybercriminals -- one
that "is not going to get any smaller" as Russia's confrontation with the
West over Ukraine continues and further sanctions are announced, the FBI's
David Ring said on a phone briefing with private executives and state and
local officials, according to two people who were on the call.

Ring asked state and local officials and business executives to consider
how ransomware attacks could disrupt the provision of critical services,
the people on the call said.

US officials continue to say there are "no specific, credible" threats to
the US homeland tied to tensions with Russia over Ukraine, but they are
preaching vigilance.

The willingness of Russian-speaking cybercriminals to disrupt US critical
infrastructure has been a US concern for years, but it came to a head last
year when a ransomware attack forced major fuel transporter Colonial
Pipeline to shut down for days.

The phone call was one in a series of briefings that FBI and Department of
Homeland Security officials have had for US companies and local governments
in the last two months in light of US tensions with Russia over Ukraine. It
had been scheduled before it was clear that Biden would address Russia's
latest moves in Ukraine on Tuesday. The US President announced the "first
tranche" of sanctions against Russian entities for Russian President
Vladimir Putin's decision to recognize two breakaway regions in Ukraine and
send troops there.

The US could also see "a possible increase in cyber threat activity" from
Russian state-backed hackers as a result of those sanctions, Ring said,
according to the people on the call.

"DHS has been engaging in an outreach campaign to ensure that public and
private sector partners are aware of evolving cybersecurity risks and
taking steps to increase their cybersecurity preparedness," a DHS
spokesperson said in a statement.

CNN has requested comment from the FBI.

The extortion of Colonial Pipeline had underscored for Biden administration
officials the economic and national security threat posed by ransomware.
The incident triggered long lines at gas stations in multiple US states and
prompted Biden to call on Putin to rein in cybercriminals operating from
Russian soil.

While ransomware attacks on US organizations by Russian-speaking hackers
have continued, Russian authorities have dangled the prospect of cracking
down on some groups in recent months, as the standoff over Ukraine brewed.

US officials said last month that they believe Russia has detained the
person responsible for the Colonial Pipeline hack, but any cooperation
between the two governments on cybercrime could be elusive if relations
further deteriorate over Ukraine, according to some analysts.

After the cyberattacks on Ukrainian government and banking websites last
week that the Biden administration blamed on Russia's military intelligence
directorate, US officials continue to see Russian cyber operations as
likely playing a role in any further military invasion.

In the event of a larger conflict between Russia and Ukraine, US officials
are concerned that transportation networks and broadcast media in Ukraine
could be shut down by kinetic or cyberattacks, Matthew Hackner, an official
in DHS' Office of Intelligence and Analysis, said on Tuesday's phone
briefing, according to people on the call.