Recent ransomware attacks against the United States are raising questions about whether and how the military, specifically U.S. Cyber Command, might counter this type of malicious cyber activity. Here, we provide a road map for policymakers to help guide their decision-making on this critical policy challenge.
Latest in ransomware
Ransomware amounts to an ongoing tax by foreign gangs on U.S. governments and industry. If U.S. companies are going to pay extortionate taxes to foreign non-state entities, they should at least have to file a tax return.
Making cryptocurrency mining illegal won’t stop all mining, but it will seriously disrupt it.
The best way to deal with this new era of big-game ransomware will involve not just securing computer systems or prosecuting criminals, but disrupting the one payment channel capable of moving millions at a time outside of money laundering laws: Bitcoin and other cryptocurrencies.
Worms, malicious computer programs that spread from computer to computer throughout the network—are perhaps the most devastating delivery mechanism for an electronic attack.
Another month, another ransomware epidemic. Broadsheets are screaming panic while companies yell back that All Is Well and Ukraine shows the world what gifs can do for incident response. Twitter is abuzz with the rapid, globalized forensics effort of a legion of amateurs and professionals (though nothing yet from the White House).
In a recent blog post, Microsoft argued that the use of a vulnerability for Windows XP stolen from the NSA and released by the Shadow Brokers has caused widespread damage in the public domain, and the lesson that governments should learn from this incident is that government stockpiling of vulnerabilities that might be inadvertently revealed presents a hazard to safe computing around the world.
You’ve likely heard, by now, about the “wCry” (aka WannaCry) ransomware worm. There are a few features of this attack worthy of particular note.
Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.