United States Releases Fact Sheet on Ongoing Public Efforts to Counter Ransomware
Published 2021-10-16 18:36
FACT SHEET Ongoing Public U.S. Efforts to Counter Ransomware
https://www.whitehouse.gov/briefing-room/statements-releases/2021/10/13/fact-sheet-ongoing-public-u-s-efforts-to-counter-ransomware/
OCTOBER 13, 2021
This week the National Security Council is facilitating an international counter-ransomware event with over 30 partners to accelerate cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity.
Ransomware incidents have disrupted critical services and businesses worldwide - schools, banks, government offices, emergency services, hospitals, energy companies, transportation, and food companies have all been affected. Ransomware attackers have targeted organizations of all sizes, regardless of where they are located. The global economic losses from ransomware are significant. Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.
The Biden Administration has pursued a focused, integrated effort to counter the threat. Yet, government action alone is not enough. The Administration has called on the private sector, which owns and operates the majority of U.S. critical infrastructure, to modernize their cyber defenses to meet the threat of ransomware. The Administration has announced specific efforts to encourage resilience, including voluntary cyber performance goals, classified threat briefings for critical infrastructure executives and the Industrial Control Systems Cybersecurity Initiative. And, the Administration has stepped up to lead international efforts to fight ransomware. International partnership is key since transnational criminal organizations are often the perpetrators of ransomware crimes, leveraging global infrastructure and money laundering networks to carry out their attacks.
The Administration’s counter-ransomware efforts are organized along four lines of effort:
Disrupt Ransomware Infrastructure and Actors: The Administration is bringing the full weight of U.S. government capabilities to disrupt ransomware actors, facilitators, networks and financial infrastructure;
Bolster Resilience to Withstand Ransomware Attacks: The Administration has called on the private sector to step up its investment and focus on cyber defenses to meet the threat. The Administration has also outlined the expected cybersecurity thresholds for critical infrastructure and introduced cybersecurity requirements for transportation critical infrastructure;
Address the Abuse of Virtual Currency to Launder Ransom Payments: Virtual currency is subject to the same Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) controls that are applied to fiat currency, and those controls and laws must be enforced. The Administration is leveraging existing capabilities, and acquiring innovative capabilities, to trace and interdict ransomware proceeds; and
Leverage International Cooperation to Disrupt the Ransomware Ecosystem and Address Safe Harbors for Ransomware Criminals: Responsible states do not permit criminals to operate with impunity from within their borders. We are working with international partners to disrupt ransomware networks and improve partner capacity for detecting and responding to such activity within their own borders, including imposing consequences and holding accountable those states that allow criminals to operate from within their jurisdictions.
Actions to date within these lines of effort include:
Disrupt Ransomware Infrastructure and Actors
The Department of Justice established a Task Force to enhance coordination and alignment of law enforcement and prosecutorial initiatives combating ransomware. Law enforcement agencies, working through the National Cyber Investigative Joint Task Force (NCIJTF) and with the support of the interagency, are surging investigations, asset recovery, and other efforts to hold ransomware criminals accountable.
The Department of the Treasury levied its first-ever sanctions against a virtual currency exchange. The exchange, SUEX, was responsible for facilitating ransomware payments to ransomware criminals associated with at least eight ransomware variants. Treasury will continue to disrupt and hold accountable these ransomware actors and their money laundering networks to reduce the incentive for cybercriminals to continue to conduct these attacks.
The Department of the Treasury published an updated sanctions advisory encouraging and emphasizing the importance of reporting ransomware incidents and payments to U.S. Government authorities.
US Cyber Command and National Security Agency are dedicating people, technology, and expertise to generate insights and options against ransomware actors. Their technical expertise and insights enable and support whole-of-government efforts, including actions against criminals, their infrastructure, and their ability to profit from their crimes.
The Department of State’s Rewards for Justice (RFJ) Office has offered a $10 million reward for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in, or aids or abets, certain malicious cyber activities against U.S. critical infrastructure, to include ransomware activities.
Bolster Resilience against Ransomware
The President launched an Industrial Control System Cybersecurity (ICS) Initiative in April - a voluntary, collaborative effort between the federal government and the critical infrastructure community. The ICS Initiative has led over 150 electricity utilities representing almost 90 million residential customers to deploy or commit to deploy control system cybersecurity technologies, bolstering the security and resilience of these facilities. The ICS Initiative has been expanded to natural gas pipelines, and will shortly be expanded to the water sector.
In July, the U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ) established the StopRansomware.gov website to help private and public organizations access resources to mitigate their ransomware risk.
The Transportation Security Administration (TSA) at the Department of Homeland Security issued two Security Directives, requiring critical pipeline owners and operators to bolster their cyber defenses, enabling DHS to better identify, protect against, and respond to threats to critical companies in the pipeline sector.
Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, sent an open letter to CEOs in June communicating best practices to defend against and prepare for ransomware incidents, including backing up data, implementing multi-factor authentication, and testing incident response plans.
In August, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats - and leaders announced ambitious initiatives to bolster the Nation’s cybersecurity.
The National Institute of Standards and Technology (NIST), within the Department of Commerce, is working with industry to improve current and emerging standards, practices, and technical approaches to address ransomware. Their efforts include the development of the Cybersecurity Framework Profile for Ransomware Risk Management, which builds off the NIST Cybersecurity Framework to provide organizations a guide to prevent, respond to, and recover from ransomware events.
Treasury and the Department of Homeland Security’s CISA are engaging the cyber insurance sector to explore incentives to enhance implementation of cyber hygiene and improve visibility of ransomware activity.
Combat Virtual Currency Misuse to Launder Ransom Payments
The United States remains at the forefront of applying anti-money laundering/countering the financing of terrorism (AML/CFT) requirements on virtual currency businesses and activities. We continue to hold U.S. virtual currency exchanges accountable to our regulatory requirements, and we have shared indicators and typologies of virtual currency misuse with the virtual currency and broader financial sector through venues like the Financial Crimes Enforcement Network (FinCEN) Exchange program.
Treasury is leading efforts to drive implementation of international standards on financial transparency related to virtual assets at the Financial Action Task Force and to build bilateral partnerships designed to strengthen AML/CFT controls for virtual currency exchanges overseas. Uneven implementation of international AML/CFT virtual currency standards creates vulnerabilities ransomware actors exploit and inhibits the U.S. Government’s ability to disrupt ransomware-associated money laundering.
Led by the Federal Bureau of Investigation, the Administration is building an Illicit Virtual Asset Notification (IVAN) information sharing partnership and supporting platform to improve timelines of detection and disruption of ransomware and other illicit virtual currency payment flows.
Bolster International Cooperation
The Administration is working closely with international partners to address the shared threat of ransomware and galvanize global political will to counter ransomware activities - as reflected in the recent G7 and North Atlantic Treaty Organization (NATO) joint statements, and Financial Action Task Force (FATF) efforts, among others. The Administration continues to advocate for expanded membership in, and implementation of, the Budapest Convention and its principles.
Departments and Agencies continue to engage with States to improve their capacity for addressing ransomware threats, including through capacity building that promotes cybersecurity best practices and combats cybercrime, such as trainings on network defense and resilience, cyber hygiene, virtual currency analysis, and other training and technical assistance to foreign law enforcement partners to combat criminal misuse of information technologies.
The United States remains committed to eliminating safe harbors for ransomware criminals through a more direct diplomatic approach. President Biden has directly engaged President Putin, and established the White House and Kremlin Experts Group to directly discuss and address ransomware activity. The Experts Group continues to meet to address the ransomware threat and to press Russia to act against criminal ransomware activities emanating from its territory. The President has made clear the United States will act to protect our people and critical infrastructure.
(Note: The cover image for this article is from the StopRansomware.gov website.)