Ransomware remains a persistent threat, despite law enforcement actions aimed at disrupting the infrastructure threat actors rely on to conduct their attacks, according to the Office of the Director of National Intelligence’s latest annual threat assessment.
“Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services and exposing sensitive data,” said the report, which was publicly released Monday. “Important U.S. services and critical infrastructure such as healthcare, schools and manufacturing continue to experience ransomware attacks.”
National intelligence leaders warned that the ransomware problem is worsening and is growing more difficult to combat.
Leaders of the U.S. government’s intelligence agencies, including the CIA, FBI, National Security Agency, Department of State, Defense Intelligence Agency and ODNI, testified Monday in a hearing with the U.S. Senate Select Committee on Intelligence, in tandem with the report’s release.
Threat actors are capitalizing on decentralized and inexpensive infrastructure, which allows for specialized ransomware activity to proliferate in an anonymous manner, the report said. “This interconnected system has improved the efficiency and sophistication of ransomware attacks while also lowering the technical bar for entry for new actors.”
Federal authorities acknowledged the constraints or limited capabilities that prevent more long-lasting impacts from law enforcement action against ransomware operators.
While some global criminal syndicates temporarily cease operations following law enforcement actions, ransomware operators and their affiliates often find ways to rebrand and renew their activities, authorities said in the report.
AlphV’s involvement in a highly damaging ransomware attack against Change Healthcare is a particularly sour development after a global law enforcement action in December shut down the infrastructure of the ransomware group, also known as BlackCat. AlphV emerged within hours of the takedown and remains active.
LockBit, another ransomware-as-a-service group that reestablished operations within days of a global law enforcement effort that dismantled the group’s infrastructure, remains the most prolific criminal group in the field.
“Absent cooperative law enforcement from Russia or other countries that provide cyber criminals a safe haven or permissive environment, mitigation efforts will remain limited,” the report said.