A new federal ransomware website gives one-stop access to a wide variety of government resources for fighting the ransomware wave pummeling America in the summer of 2021. Even small organizations should take time to understand their ransomware risks. Big attacks get the headlines, but 75% of all ransomware attacks strike small businesses, and the government knows it can’t fight this battle without the private sector doing its part. So the feds gathered a long list of resources into a new site called StopRansomware.gov. In this article, we summarize how the site arms you with information for understanding, reporting and combatting ransomware.
The "One-Stop Ransomware Resource"
This site offers three main sections:
- Basic ransomware information
- Resources to report and respond to actual attacks
- Guidelines to reduce the risk of falling to ransomware
The site’s core message is that businesses have to take cybersecurity into their own hands. The government can rattle cyber sabers with Russia all day, but the best defense is each organization following fundamental cyber hygiene best practices. In June, the Biden administration told businesses just that in an open letter. The StopRansomware.gov site’s resources support the letter’s call for businesses to step up to protect both the nation and their own economic interests. The letter stated, “The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”
Throughout the site, you’ll find information from and links to multiple agencies including:
- The FBI
- Department of Homeland Security
- The Secret Service
- CISA (Cybersecurity and Infrastructure Security Agency)
- NIST (National Institute of Standards and Technology)
What’s On StopRansomware.gov
As you look through the site’s resources, you’ll find most of the site’s recommendations very familiar If you pay attention to basic cybersecurity hygiene. But the reality is that most of these best practices will still be news to many organizational leaders who have gotten away so far with assuming that ransomware won’t come looking for them.
The site’s resource section includes a wide variety of slide shows, videos, articles, etc. that highlight essential steps that can massively reduce an organization’s ransomware risk. Several guides provide insights on the risks for specific industries, including K-12 education and healthcare. You’ll also find links to the government’s Sector Risk Management Agencies, which focus on guidance for 16 specific critical infrastructure sectors.
The site provides incident response resources for companies facing an actual attack, including steps to follow during the first hours of an attack. Links let you report the attack to a variety of agencies, with the promise that reporting to any one of them will cascade the message to all other appropriate agencies.
One of the best pages to bookmark is the alerts section that provides links to official update feeds from CISA and the FBI. Some of the advisories include papers for responding to specific situations, such as best practices for preventing business disruption from the Darkside ransomware that hit Colonial Pipeline earlier this year.
While you’re in the Alerts section, pay attention to the advisory about the potential sanctions you may face if you pay a ransom. Your decision about whether to pay should factor in potential violations of national security laws.
Other Government Ransomware Moves
Along with the new website, the government has been rolling out multiple other ransomware-related actions in recent weeks. Here’s a recap:
State Department offers $10 million reward – Anyone willing to share information about foreign hackers targeting critical U.S. infrastructure could see a big payoff. The U.S. State Department launched the big bounty, which is explained in detail at the Rewards for Justice site.
Biden issues executive order on cybersecurity – On May 12, President Biden issued an executive order on improving national cybersecurity. Key provisions of the order include facilitating more breach reporting by IT providers, mandating full use of security tools such as multifactor authentication on federal systems, requiring better software security in the government supply chain and creating a review board to examine hacking incidents.
REvil goes AWOL – We don’t know what role the government played in the July shutdown of the famed hacking group known as REvil. On July 13, the organization’s online footprint suddenly disappeared. Did the hackers decide to disband on their own? Did the U.S. Cyber Command take them out? Did Russia strike in response to increasing U.S. pressure to deal with the extensive hacking harbored there? It’s a solid bet that one or both of the governments played a role.
As you seek to make sense of this era of ransomware and create a defense and response plan specific to your organization, contact Pratum for expert advice.