Describing last year as "the worst year ever when it comes to ransomware," Acting Deputy Attorney General John Carlin last week announced the formation of a joint task force of FBI agents and Justice Department prosecutors to better coordinate federal efforts to combat extortion attacks. "If we don’t break the back of this cycle, a problem that’s already bad is going to get worse," Carlin said in an internal memorandum.
How bad is the ransomware threat?
While much of the attention on ransomware attacks have focused on targeted businesses, Carlin wrote that "when criminals target critical infrastructure such as hospitals, utilities, and municipal networks, their activity jeopardizes the safety and health of Americans." Indeed, the hacks became a matter of life and death during the COVID-19 pandemic. Attacks on hospital and healthcare systems, as predicted, were widespread, and ransomware incidents overall surged last summer. At least one patient death was attributed to a ransomware attack on a hospital in Germany. As the world becomes more reliant on technology, Carlin wrote that the ransom demands have gotten larger over the years, averaging over $100,000 and in some cases totaling tens of millions of dollars. National security is also at risk, with increasing links between criminal actors and nation-states.
What will the task force do?
First reported by the Wall Street Journal, and subsequently picked up by the Associated Press, Carlin's memorandum directs the formation of a ransomware task force that will include the Justice Department’s criminal, national security and civil divisions, Federal Bureau of Investigation (FBI), and the Executive Office of U.S. Attorneys. The group will also collaborate with the Homeland Security and Treasury departments, the private sector, and international partners. Carlin will oversee the task force as Associate Deputy Attorney General under Lisa Monaco, who was confirmed by the Senate as Deputy Attorney General. The overall strategy of the task force will be to target the broader criminal ecosystem around ransomware, from malicious or compromised systems that support the attacks to online marketplaces where ransomware tools and stolen data are bought and sold. The task force will also act to "protect victims before they are victimized." Although Carlin didn't specify how this would be accomplished, security experts pointed to a recent FBI operation to proactively remove vulnerabilities in Microsoft Exchange servers.
SEE ALSO: CISA Updates Directive on Microsoft Exchange Vulnerabilities
What about victims that pay ransoms?
Carlin acknowledged that people and businesses who have their data encrypted with ransomware sometimes feel they have no choice but to pay the ransom.
SEE ALSO: To Pay or to Not Pay for Stolen Data
“In almost every case where they paid, they knew the amount of damage was 10, 20 times what they were paying,” he wrote, adding that he has seen payments as large as $20 million. The Wall Street Journal says the overall toll on the economy is in the billions of dollars. When ransoms are paid, however, criminals can then afford to escalate the ongoing arms race with global law enforcement. Some have called for a law that makes it illegal to pay ransoms. The official position of the Justice Department is to discourage paying ransoms to criminal actors, noting that doing so does not guarantee that data will be restored or returned, and often leads to subsequent targeted attacks.
What other resources are available?
In January 2021, the Cybersecurity and Infrastructure Security Agency (CISA) unveiled the " Reduce the Risk of Ransomware" campaign to raise awareness and instigate actions to combat this ongoing and evolving threat. As part of the campaign, CISA set up a new Ransomware Guidance and Resources page on its website that links to alerts, guides and services, fact sheets and infographics, and trainings and webinars. The Justice Department, meanwhile, has published " How to Protect Your Networks from Ransomware," explaining that prevention is the most effective defense against ransomware. "Infections can be devastating to an individual or organization, and recovery may be a difficult process requiring the services of a reputable data recovery specialist," the publication notes.
How can you prevent ransomware attacks?
The first recommendations the Justice Department makes are to:
- Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat.
- Enable strong spam filters to prevent phishing emails from reaching staff and authenticate inbound email.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching staff.
Paubox Email Suite Premium, for example, offers robust inbound and outbound security tools that require no extra steps for employees to send HIPAA compliant email—no separate password or portal required. It integrates seamlessly with most email providers to send encrypted email by default, safeguarding both inbound and outbound email with data loss prevention (DLP) tools.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.