When it comes to the priorities of the federal government, 2020 was undoubtedly the year of the COVID-19 pandemic.
The Cybersecurity and Infrastructure Security Agency (CISA) has often taken the lead on the war on ransomware, highlighting its threats to national infrastructure and tracking major attacks on platforms like Microsoft Exchange and VMWare. But multiple agencies have been stepping up as well.
A whole-of-government approach
This week, the U.S. government launched StopRansomware.gov, a one-stop hub for ransomware resources for individuals, businesses and other organizations. The site, hosted by CISA, is described as the first joint website created to help private and public organizations mitigate their ransomware risk.
Contributing agencies include CISA (part of the Department of Homeland Security), the FBI (under the Department of Justice), the National Institute of Standards and Technology (NIST) under the Department of Commerce, the Department of the Treasury, the Department of Health and Human Services (HHS), and the U.S. Secret Service.
“The Department of Justice is working to bring all our tools to bear against these threats, but we cannot do it alone,” said Attorney General Merrick B. Garland. “It is critical for business leaders across industries to recognize the threat, prioritize efforts to harden their systems and work with law enforcement by reporting these attacks promptly.”
In announcing the site, Homeland Security spokesman Alejandro Mayorkas said that cybercriminals have targeted critical infrastructure, small businesses, hospitals, police departments, schools and more.
“These attacks directly impact Americans’ daily lives and the security of our nation,” he explained. “I urge every organization across our country to use this new resource to learn how to protect themselves from ransomware and reduce their cybersecurity risk.”
By the numbers
According to StopRansomware.gov, $350 million in ransom was paid to malicious actors in 2020, more than triple what was paid the previous year.
And while there have been many high-profile, widely covered ransomware attacks in 2021, attacks on small businesses make up roughly 75% of all ransomware cases, and they often go unnoticed.
“Like most cyberattacks, ransomware exploits the weakest link,” the site notes. “Many small businesses have yet to adequately protect their networks.”
The site is designed to help these organizations take simple steps to protect their networks and respond to ransomware incidents while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk.
A one-stop shop
Before today, individuals and organizations had to visit a variety of websites to find guidance, the latest alerts, updates and resources, which made it easy to miss important information. StopRansomware.gov is described as the first central hub consolidating ransomware resources from all federal government agencies.
StopRansomware.gov starts with Ransomware 101, defining what ransomware is. It also provides a Ransomware Response Checklist for organizations hit by ransomware and tips for avoiding being hit by ransomware in the first place.
Key takeaways are:
- Good cyber hygiene habits keep your network healthy: Conduct regular vulnerability scanning to identify and address vulnerabilities, especially on internet-facing devices, to limit your attack surface.
- Keep calm and patch on: Regularly patch and update software and operating systems.
- Backing up is your best bet: Maintain offline, encrypted backups of data and regularly test your backups.
- When in doubt, report it out: Victims of ransomware should report incidents to federal law enforcement. They can request technical assistance or provide information to help others by contacting CISA.
The StopRansomware.gov site will continue to be expanded, and will eventually include specific guidance for all 16 critical infrastructure sectors vital to the nation. They include energy, food, healthcare, and information technology–some of the sectors targeted in recent high-profile cyberattacks.
How Paubox can help
One of the key recommendations of StopRansomware.gov, as well as cybersecurity professionals, is “using caution with email attachments.”
“Attackers take advantage of the reality that most users will automatically trust and open a message that comes from someone they know,” CISA notes.”Many viruses can ‘spoof’ the return address, making it look like the message came from someone else.”