Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers
United States lawmakers are mulling a new proposal to designate countries from which cyber criminal ransomware gangs operate as state sponsors of terrorism.
The law forms part of the Intelligence Authorisation Act for the 2025 fiscal year, which is being brought forward by Mark Warner, a Democratic senator for Virginia, and chair of the Senate Intelligence Committee.
It would see countries such as Russia that are deemed to have provided support for a ransomware demand scheme, including providing safe haven for criminal gang members themselves, listed in the same bracket as the likes of Cuba, Iran, North Korea and Syria, and subject to the same penalties and sanctions.
It lists a number of ransomware crews that the Committee believes constitute hostile foreign cyber actors whose home countries benefit from their activities, including some of the most dangerous and prolific operations of the past few years, such as Black Basta, BlackCat, Cl0p, Conti, DarkSide, LockBit and REvil, all of which had or have links to Russia.
There are four main categories of sanctions for countries that are designated as a state sponsor of terror: bans on US foreign assistance, bans on defence exports and sales, controls over exports of dual-use items (items that can be used for both civilian and military purposes), and “miscellaneous” financial and other restrictions. Russia is, of course, already subject to wide-ranging western sanctions over its illegal invasion of Ukraine.
The bill also sets out a proposal to deem ransomware attacks on critical national infrastructure (CNI) as an intelligence priority under the US National Intelligence Priorities Framework.
Jon Miller, founder and CEO of Halcyon Security, an AI-driven anti-ransomware platform, told Computer Weekly it was long past time that ransomware attacks are called out for what they are, especially when they target healthcare providers and other CNI operators such as utilities or communications services providers (CSPs).
He explained that while ransomware gangs have always hidden behind the fact that their actions appear like criminal activity, they often have it both ways in that they frequently advance geopolitical agendas – such as by not attacking organisations in Russian-speaking jurisdictions.
They also receive the tacit backing of their “host” governments, exemplified by the arrests of REvil gang members by Russia's FSB security service in January 2022, which proves that Russia is very capable of being an effective partner in the fight against cyber crime when it chooses to be.
“Ransomware operators can walk and chew gum at the same time. While ransomware is lucrative for them and they need to make money to fund their operations, we should not ignore the fact that many of these attacks are carried out with the goal of causing disruption,