Task Force Seeks to Disrupt Ransomware Payments – Krebs on Security
Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.
Edgard Capdevielle, CEO of Nozomi Networks:
“The task force has done a thorough job on this tough assignment. Addressing ransomware, as we well know, is not a clear-cut job. Ransomware attacks, not only on high-profile targets such as government and industry but also on organizations of all sizes and across all verticals, are becoming all too common.
This should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption. Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware and other cyberattacks.
However, there is much work ahead to ensure we move forward with successful initiatives and best practices that secure our country in a reasonable timeframe.
Critical infrastructure security has never been more important. In the face of so many threats and attacks, like SolarWinds, Microsoft and the Florida water treatment facility hack, we must step up efforts to develop effective coordination and collaboration across government agencies and with the private sector so that all are working together, and not in a vacuum or at cross-purposes. Public/private cooperation is critical, and the efforts to drive this must be carefully designed so they are not too heavy-handed. New efforts must be effective without infringing on rights to privacy or unintentionally making it harder or even discouraging the private sector from working with the government. Partnership – and access to technology advancements that often come from smaller private vendors – is key.
The DHS and CISA need funding; municipalities need federal help. When appropriate financial resources are in place to enable these initiatives, that’s when we’ll start to make progress.”
Alexa Slinger, identity management expert at OneLogin:
“This task force is extremely timely, as we are beginning to see a significant rise in attacks on critical infrastructure sectors, such as emergency services, education, healthcare, water systems and transportation. These attacks can have dire influence, including loss of life, and we are glad to see the government’s recognition of ransomware being a national security threat.
The five priority recommendations laid out in the executive summary are an excellent foundation to combat the conditions in which ransomware has been able to flourish over the last few years. As these steps are implemented, malicious actors will continue to look for new and innovative ways to target these high value individuals and/or large enterprise organizations. The task force may also be well served to work with white hat hackers to look for other vulnerabilities that cybercriminals may use to work around the systems they put in place.
The task force recommendation for building a framework to help organizations prepare for and respond to ransomware is a key part of combating ransomware. It is only through security awareness training that organizations, as well as their employees, partners, and customers, can make informed decisions that could impact a bad actor’s attempt to infiltrate an organization’s system. No person or industry is exempt from the threat of ransomware and it requires constant focus, assessment and review to ensure critical data and assets remain protected.”