Illustration by Security Management

U.S. Takes Steps to Combat Ransomware

Yesterday the U.S. government launched, billing it as “a one-stop hub for ransomware resources for individuals, businesses, and other organizations.”

It’s welcome news as the site will collect information that previously came from disparate sources, including the Cybersecurity and Infrastructure Security Agency (CISA), the Secret Service, the FBI, the National Institute of Standards and Technology, as well as information from the U.S. Departments of Treasury and Health and Human Services.

The site is organized for simplicity with three primary sections: education on what ransomware is; what to do when you are hit with a ransomware attack and how to report it; and how to protect your organization from attacks. It’s also the go-to place to learn about new widespread attacks or discovered vulnerabilities.

One additional step the federal government is taking is to make it harder for criminals to use cryptocurrency. According to Cyberscoop, “the Treasury Department will support the implementation of money laundering requirements for virtual currency exchanges and building partnerships with the industry to track the currency in real time.”

The department will also be working with the international economic collaboration Group of 7 and its Financial Action Task Force to engender and unify international action and understanding on how to combat the use of cryptocurrency to launder money.

Recent high-profile ransomware cases—including the Kaseya attack, the JBS meat conglomerate attack, and the Colonial Pipeline attack—have emphasized the significant vulnerabilities organizations have.

A report from Osterman Research and cybersecurity company Trend Micro found that half of companies do not have sufficient cyber protections in place, such as the ability to detect phishing emails or to alert on remote desktop protocol compromise. “As a general conclusion, half of all organizations are not effective at counteracting phishing and ransomware threats,” the report said.

A ZDNet summary of the report’s findings went on to note “the research suggests that under half of organizations can recover quickly following a ransomware attack. The research also shows that two in five could struggle to effectively learn the mitigation processes required to avoid falling victim to a ransomware attack in future, even after falling victim to cyber criminals.”

In other ransomware developments, the ransomware group responsible for all three of the specific attacks mentioned above, REvil, went mysteriously dark earlier this week. Similar reports in The New York Times and The Washington Post proposed three main theories behind the disappearance:

  1. After the meeting between U.S. President Joe Biden and Russian President Vladimir Putin last month, the Kremlin could have taken steps to shut down the operation.
  2. The United States or some other country orchestrated a cyber counterattack that crippled the ransomware gang.
  3. REvil shut itself down—perhaps overwhelmed by the broad scope of the Kaseya attack or to lie low after several high-profile attacks.

The actual reason for REvil’s disappearance is still not known. What is otherwise welcome news may not be so welcome to ongoing victims of the Kaseya attack. As the Times reported: “It left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again. ‘What’s the plan for the victims?’ asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company that was negotiating with the extortionists on behalf of a law firm whose data was locked up.”