After the breach on ‘Kaseya,’ which resulted in the infection of 1,500 (mostly American) businesses with ransomware of the Russia-based ‘REvil’ group, the Biden administration had to push forward with some high-level measures, as it seems the meeting with Russia’s President Putin hasn’t yielded the desired results. Even though REvil has gone dark inexplicably and unexpectedly, it remains clear that other (mainly Russian) cyber actors are still out there and actively seeking to cause harm to American entities.
Yesterday, the U.S. Commerce Department announced the addition of several Russian organizations and companies onto the trade blacklist, adding the following entities:
Some of these entities are part of Russia’s Foreign Intelligence Services. Others are offering their services to the government, and some (like SVA) have been accused of actually taking part in malicious cyber operations in the past. Starting immediately, no U.S. companies can sell them anything without securing a special license first, just like it happened with Huawei two years ago.
In addition to the above, the U.S. Department of Justice has also announced the opening of a novel ransomware resource at “StopRansomware.gov,” which aims to serve as a central hub for information on how to defend against ransomware. The portal features tips and guidance, self-assessment guides, an incident report system, and a direct connection with the law enforcement authorities, as well as other supporting agencies.
And finally, the U.S. has also announced they’re paying a bounty of up to $10 million to anyone who shares information that can identify or locate malicious actors that take part in ransomware operations. This is an indication of how badly the FBI would like to find out who are those people hiding behind the extortion Tor portals, and also proof of how difficult this is.