The United States is stepping up its fight against ransomware attacks by going after the companies and people who help criminals operate. Ransomware is a type of computer attack where hackers lock up a victim's files and demand money to unlock them.
In a major move, the US government sanctioned a VPN service and a malware cryptor seller for the first time. VPNs are tools that hide internet activity, and malware cryptors are programs that encrypt files—both tools that ransomware gangs use to hide their identity and attack victims. By sanctioning these companies, the government is warning businesses and countries not to work with them or they could face serious penalties.
The VPN service and malware seller both helped enable ransomware attacks, meaning they knowingly provided tools that criminals used to harm others. These tools made it easier for ransomware gangs to stay hidden while stealing money from victims. Hospitals, schools, and businesses have all suffered from ransomware attacks that disrupted their operations and cost them millions of dollars.
The government also took action against a ransomware negotiator who was sentenced to 70 months in prison—that's almost six years. This person helped criminals carrying out BlackCat ransomware attacks. BlackCat is one of the most dangerous ransomware groups operating today, and this negotiator assisted them even though they knew what the gang was doing. Negotiators work with victims to help pay ransoms or resolve the attacks, and this person's work directly supported serious crimes.
These enforcement actions show that US officials are not just targeting the hackers themselves, but also the entire network of support that helps ransomware gangs operate. By punishing companies that provide tools and people who help criminals communicate with victims, the government is trying to make ransomware attacks much harder to carry out successfully.
Security experts say that ransomware has become one of the biggest cybersecurity threats facing the world. Criminal groups make billions of dollars each year from these attacks. The US sanctions and prison sentences represent a new strategy: if it becomes too expensive or dangerous to help ransomware criminals, fewer people and companies might be willing to assist them. This could make it harder for attackers to hide and operate, ultimately protecting thousands of organizations from devastating attacks.