In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat.
The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by making an effort to disrupt ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds, noted Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.
“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.”
Recommended best practices
The U.S. Government has urged private sector organizations to:
- Implement best practices from the President’s Executive Order (i.e., multi-factor authentication, endpoint detection & response, encryption, and a skilled, empowered security team)
- Back up their data, system images, and configurations, regularly test them, and keep the backups offline
- Update and patch their systems promptly
- Test their incident response plan
- Check their security team’s work (via third-party penetration testing)
- Segment their networks (especially when it comes to IT ad OT networks)
“We urge you to take these critical steps to protect your organizations and the American public,” Neuberger added. “The federal government stands ready to help you implement these best practices.”
A global tackling of the ransomware threat is needed
A day after the memo was sent out, Reuters reported that the U.S. Justice Department is elevating investigations of ransomware attacks to a similar priority as terrorism.
In late April, the Institute for Security and Technology’s Ransomware Task Force (RTF) has published (and delivered to the U.S. President’s team) a strategic framework to help worldwide organizations fight against ransomware.
The 48 recommendations they laid out are meant to be implemented in concert by various actors (government agencies, policymakers, private sector organizations, etc.) from different countries to fight against ransomware. “Ransomware has become too large of a threat for any one entity to address; the scale and magnitude of this challenge urgently demands coordinated global action,” the RTF noted.
“It is no longer speculation that ransomware can impact our way of life. It can. Colonial Pipeline and JBS USA impacted U.S. citizens’ behaviors and prompted fears of shortages that turned into actual shortages. To think of it as terrorism fits the effects and impact of real world ransomware cases today,” noted James Shank, a member of the Ransomware Task Force and Chief Architect of Community Services at Team Cymru.
“Seeing this increase in prioritization and to hear of this coordinated response by the U.S. Government is wonderful! It’s a U.S. problem and a global problem. We need coordinated response both in terms of public-private partnership but also on the global stage. I hope this results in curbing the ongoing increases in ransomware events and ransomware demands. Right now, too much of the risk is borne by the victims, and the ransomware actors operate, more or less, with impunity. It is time to change the balance of that equation.”