U.S. Takes Steps to Combat Ransomware
Yesterday the U.S. government launched StopRansomware.gov, billing it as “a one-stop hub for ransomware resources for individuals, businesses, and other organizations.”
It’s welcome news as the site will collect information that previously came from disparate sources, including the Cybersecurity and Infrastructure Security Agency (CISA), the Secret Service, the FBI, the National Institute of Standards and Technology, as well as information from the U.S. Departments of Treasury and Health and Human Services.
https://t.co/GTWks3I9Ig is the new one-stop location for resources to tackle ransomware more effectively.— Cybersecurity and Infrastructure Security Agency (@CISAgov) July 15, 2021
It takes a group effort to #StopRansomware. View the whole-of-government effort to help individuals and organizations curb the rise of ransomware: https://t.co/GTWks3I9Ig pic.twitter.com/ifeDSbeFqO
The site is organized for simplicity with three primary sections: education on what ransomware is; what to do when you are hit with a ransomware attack and how to report it; and how to protect your organization from attacks. It’s also the go-to place to learn about new widespread attacks or discovered vulnerabilities.
One additional step the federal government is taking is to make it harder for criminals to use cryptocurrency. According to Cyberscoop, “the Treasury Department will support the implementation of money laundering requirements for virtual currency exchanges and building partnerships with the industry to track the currency in real time.”
The department will also be working with the international economic collaboration Group of 7 and its Financial Action Task Force to engender and unify international action and understanding on how to combat the use of cryptocurrency to launder money.
Recent high-profile ransomware cases—including the Kaseya attack, the JBS meat conglomerate attack, and the Colonial Pipeline attack—have emphasized the significant vulnerabilities organizations have.
A report from Osterman Research and cybersecurity company Trend Micro found half of companies do not have sufficient cyber protections in place such as the ability to detect phishing emails or remote desktop protocol compromise alert capability. “As a general conclusion, half of all organizations are not effective at counteracting phishing and ransomware threats,” the report said.
A ZDNet summary of the report’s findings went on to note “the research suggests that under half of organizations can recover quickly following a ransomware attack. The research also shows that two in five could struggle to effectively learn the mitigation processes required to avoid falling victim to a ransomware attack in future, even after falling victim to cyber criminals.”
In other ransomware developments, the ransomware group responsible for all three of the specific attacks mentioned above, REvil, went mysteriously dark earlier this week. Similar reports in The New York Times and The Washington Post proposed three main theories behind the disappearance:
- After the meeting between U.S. President Joe Biden and Russian President Vladimir Putin last month, the Kremlin could have taken steps to shut down the operation.
- The United States or some other country orchestrated a cyber counterattack that crippled the ransomware gang.
- REvil shut itself down—perhaps overwhelmed by the broad scope of the Kaseya attack or to lay low after several high-profile attacks.
Breaking News: Russia’s most aggressive ransomware group, blamed for multiple attacks on the U.S., suddenly went offline. Who made that happen is a mystery. https://t.co/6E7lgjcpn3— The New York Times (@nytimes) July 13, 2021
The actual reason for REvil’s disappearance is still not known. What is otherwise welcome news, may not be so welcome to ongoing victims of the Kaseya attack. As the Times reported: “It left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again. ‘What’s the plan for the victims?’ asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company that was negotiating with the extortionists on behalf of a law firm whose data was locked up."