
The US government moves on ransomware.. and includes arrests

The ransomware attack on conservative broadcasting giant Sinclair is still causing problems, the company reported in a U.S. Securities and Exchange Commission filing Wednesday.

Noting that the investigation is ongoing, the notice reports that the Oct. 17 intrusion “has not yet been fully resolved, and certain disruptions to … business and operations remain.” The full extent of the impact on Sinclair’s “business, operations and financial results is not known at the present time.”

Four out of five Internet of Things (IoT) device manufacturers are failing basic cybersecurity practices by not providing a way for people to disclose security vulnerabilities in their products – something that can potentially put users of the device at risk of cyberattacks and breaches of privacy. This comes from research by the IoT Security Foundation (IoTSF).

Also on the docket, a new program from the Department of Justice – their Cyberfraud initiative. This focuses on pursuing fraud in the following categories: knowingly providing deficient cybersecurity products or services; knowingly misrepresenting their cybersecurity practices or protocols; or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.

There’s a new amendment to the 2022 National Defense Authorization Act – it forces critical infrastructure owners and operators as well as civilian federal agencies to report all cyberattacks and ransomware payments to CISA.

The Department of State announced a 10M reward for the leaders of DarkSide, and 5M for information for the arrest of any individual involved in a DarkSide attack. BlackMatter, meanwhile, is shutting down.

And, the Justice Department announced arrests and charges against a group of ransomware hackers connected to REvil. Included in the group is one involved in the Kaseya breach, who was detained in October after the US indicted him for cybercrimes in August. The charges include possible prison time as an outcome. More than $6 million was seized from a REvil partner. Of note, the DoJ credited Kaseya for working with the FBI, and doing so quickly.

Why do we care?

My weekend editorial about consequences? The stakes just got a lot higher for some. There’s a spectrum of outcomes. Criminals lose their money. Arrests. Jail time. You don’t need Seal Team Six when law enforcement will do.

Credit to Kaseya on their response. It’s clear that made a difference, particularly based on the timetable of the investigation. The stories here have a theme – it’s around adherence to laws, regulations, and being ready to work with law enforcement. During a crisis is not the time to consider what you might need. As the basic working premise continues to be one WILL be hacked rather than might be hacked, are you ready here? Who is in charge of tracking all these legal concerns? That may not be a defined best practice.. but it should be. Or will be soon enough.