A rare win in Ransomware’s cat-and-mouse game
Although Emsisoft did not identify the victims, the company said they included major manufacturers, transport companies and food suppliers across mainland Europe, Britain and the United States.
The timeline of Emsisoft’s efforts overlaps with BlackMatter’s ransomware attacks last month on two U.S. farm organizations: NEW Cooperative, a grain cooperative in Iowa, and Crystal Valley, an agricultural supply cooperative in Minnesota. The two co-ops quickly recovered, suggesting that Emsisoft could have helped. Neither company returned requests for comment.
Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), called the effort a model of public-private collaboration. The agency is trying to develop a comprehensive nationwide plan to combat cyber threats, especially to “critical infrastructure”, most of which is owned by the private sector.
CISA recently created the Joint Cyber Defense Collaborative, which brings together government agencies with technology companies like Microsoft and Amazon, telecommunications companies like AT&T and Verizon, and cybersecurity companies like CrowdStrike and Palo Alto Networks to tackle threats like ransomware.
Emsisoft’s operation is one of the few recent victories, some of them superficial, over ransomware. In June, the Department of Justice announced that it had recovered $2.3 million of the $4.4 million in cryptocurrency that Colonial Pipeline had paid to DarkSide, the group from which BlackMatter emerged. More recently, a multigovernment operation took REvil, a leading Russian ransomware group, offline. That effort was first reported by Reuters.
That effort followed several smaller wins against REvil last summer. The group, which is responsible for thousands of ransomware attacks, found itself in the government’s crosshairs after high-profile attacks on JBS, one of the world’s largest meat processors, and Kaseya, a Miami software company. The group abused Kaseya’s privileged access to its customers’ systems to hold hundreds of them hostage over the Fourth of July holiday weekend.