Let’s Combat Ransomware Attacks Once and for All

Posted on by Robert Ackerman

Besieged with a persistent torrent of bad news about ransomware attacks—attacks that now commonly impact rank-and-file citizens as well as companies and other organizations—knowledgeable people increasingly have one overriding question in a period rife with big headaches on an assortment of fronts: How can these attacks be mitigated once and for all?

Unlike other troublesome issues of the day, ransomware is not new. It gets much more attention now because it has become much more ubiquitous, and nothing seems to stand in its way. In the past few months alone, victims included the Colonial Pipeline, meatpacking giant JBS S.A., Accenture, IT solutions developer Kaseya, two University of Florida Health hospitals, the University Medical Center of Southern Nevada, and all 10 schools in the Newhall School District in California’s Santa Clarita Valley.

In particular, the attacks on the Colonial Pipeline, which sharply impacted gasoline availability in the Southeast, and the Newhall School District, which shut down remote classes, hurt ordinary people.

Last year, the FBI’s Internet Crime Complaint Center (IC3) received 2,474 ransomware complaints, up from 2,047 in 2019 and 1,493 in 2018, and these are just the ones reported. Other attacks remain under the radar. Still, ransomware payments reported to IC3 totaled a hefty $350 million.

Looking at 2021, Cybersecurity Ventures, a research and market intelligence firm focused on major cybersecurity players and startups, projected that businesses worldwide will wind up falling victim to a ransomware attack every 11 seconds, up from one every 14 seconds in 2019.

So what can be done about all this? If we want to avoid becoming the decade of ransomware, then six changes, mostly major, are required. Here they are:

+ Emphasize politics, not policing. Many ransomware gangs operate from countries such as Russia or former Soviet republics, where their behavior is largely overlooked by authorities. Treating ransomware as a simple law-enforcement issue won’t fix the problem. Embracing political pressure, however, might. Politicians must tell problematic governments that allowing these gangs to flourish on their soil is anathema. President Biden has already relayed this to Russian President Vladimir Putin.

+ Join other companies in pressuring software makers to make their products more secure. Too much software is shipped with too many holes and exacerbated when companies knit systems together. Software companies also need to make it easier for flaws to be managed by their customers.

+ Congress should pass legislation to aid victims of ransomware attacks by establishing a fund to help them recover their systems if they have acted in good faith. To be eligible, companies should be required to report any attack to government authorities and refuse to pay the ransomware. If Congress won’t act, perhaps the White House would via executive order.

+ Intelligence agencies must join the anti-ransomware pressure campaign. They have largely been focused on state-backed espionage and cyber-warfare, and that is fine as far as it goes. But slowing ransomware must become an additional priority.

+ The Justice Department needs to get more aggressive. Its recently formed Ransomware and Digital Extortion Task Force announced in June that it had recovered much of the funds extorted from the high-profile Colonial Pipeline attack. To enhance its effectiveness, it should also dedicate a team of US attorneys and FBI agents with technical backgrounds to long-term cybersecurity investigations. The goal would be to prosecute developers who write and sell malware, which, with luck, might help dismantle attack infrastructure.

+ Last, the Justice Department, or perhaps Congress, should consider an effort to “make an example” of select high-profile ransomware attacks. It should track down the perpetrators and hand down stiff sentences. Most gangs will not be caught, of course, but they might become more cautious if certain ransomware gangs are sufficiently punished and spotlighted.

All of these suggestions would take time to implement. In the interim, here are short-term steps companies can encourage employees to take to mitigate the odds of a ransomware attack:

+ Tell employees to never click on unsafe links in spam messages or open suspicious email attachments. They should also avoid opening a suspicious email attachment.

+ In addition, employees should never use unknown USB sticks. Cybercriminals may have infected the storage medium and placed it in a public place to entice somebody into using it.

+ Rely solely on verified and trustworthy sites for downloads. These websites can be recognized by their trust seals. If the browser address bar on the page you’re visiting starts with “https,” it is highly likely to be secure. That isn’t the case if it starts with “http.”

+ If you use ubiquitous free public Wi-Fi networks, even for something as simple as checking emails, also use a secure VPN service. Public Wi-Fi isn’t inherently secure.

Even in the best-case scenario, ransomware attacks will continue to rise for a while because the swelling army of ransomware hackers is going nowhere, and the enlarged ranks of remote workers, more susceptible to attacks, will not fully return to pre-pandemic levels. The good news is that the adoption of more measures to combat ransomware is promising, as well as essential.

Robert Ackerman

Founder/Managing Director, AllegisCyber, AllegisCyber Capital

Hackers & Threats

ransomware security awareness phishing

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs