While this seizure signals more accountability, there are many reasons to expect that ransomware attacks will quickly get worse before getting better.
There are local initiatives and concerted commitments among mayors that would prevent municipalities from paying ransoms. Meanwhile, insurance carriers have started to remove ransomware payments from policies, and the federal government has placed several ransomware gangs on sanctions lists, making ransom payments illegal under federal law.
These factors create a perfect storm — time is of the essence for criminal enterprises to make as much money as they can. This also puts pressure on the ransomware industry itself.
For several years, I have hunted a persistent group that attempted to steal credentials from more than 1,500 entities in the United States, most of which are part of critical infrastructure. More than 300 hospitals, 80 energy sector companies (including pipelines), 60 pharmaceutical companies, 200 state and local governments, 80 school districts, and 100 targets in the food distribution ecosystem of the United States were targeted by this adversary. Slick, efficient, and designed to evade detection, many of these attacks were successful.
All these reforms are moves in the right direction. But with opportunistic criminal enterprises racing to monetize their illicit access to US organizations, we can expect more short-term ransomware attacks on US organizations. We must be wary that even if ransomware events decrease in the United States, our supply chains are global — ransomware attacks in other countries will inevitably affect US interests.
Things will get worse before they get better. It is my sincere hope that the United States can both serve as a warning to the rest of the world about the dangerous implications of ransomware and lead by example when it comes to deterring, prosecuting, and cooperating with our allies to stamp out this scourge.