Clay County, Indiana, in the US, is sounding a Local Disaster Declaration in the wake of a “criminal ransomware attack” that occurred last week, following reports of increasing cyber-attacks on local governments across America.
“Clay County local government suffered a significant ransomware attack in the early morning hours of July 9, 2024. This has resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation,” said the county in an official statement.
News of the breach is further fuelling fears of Russian interference in the build-up to the US elections this year. It follows a cyber breach that occurred a week earlier at the offices of Monroe County, Indiana.
“During the early morning hours of July 1, 2024, Monroe County government experienced an intrusion into its network from an outside source termed “Blacksuit.” The perpetrator has been confirmed,” said the local authority.
According to CISA, the US cyber-defense agency, the attack utilized BlackSuit ransomware and is, therefore, likely to be linked to the Royal Spider cybercriminal organization, which operates from inside the Russian Federation and is, therefore, immune from prosecution and arrest by the US.
Rise in ransomware attacks blamed on Russia
“Royal Spider is known for developing and deploying this type of ransomware… BlackSuit Ransomware is categorized as Royal Ransomware. Royal Ransomware is often delivered via email as a .zip attachment and can affect servers, virtual servers, and workstations,” says CISA.
As we reported last month, the US Federal Bureau of Investigation (FBI) is laying the blame for escalating worldwide ransomware attacks squarely at Russia’s door. Speaking at the 2024 Boston Conference on Cyber Security, FBI Cyber Division Assistant Director Bryan Vorndran said: “Almost all of the criminals developing sophisticated malware to enable ransomware attacks are based in Russian-speaking countries and operate as organized crime syndicates, similar to traditional organized crime elements.”
As Russian ransomware gangs such as Royal Spider are essentially criminal organizations, it is safe to assume that their primary motivation is likely to be financial rather than political. However, as the Russian cybercriminal gangs now attacking the US are understood to operate with the tacit approval of the Russian government, it is also likely that cyber-attacks on US authorities will continue to escalate in the run-up to November’s elections.
