2021 Updated Ransomware Advisory + Resources
The Department of Treasury released the Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.
The Federal Bureau of Investigation (FBI) released its Internet Crime Report, which detailed a 21% increase in reported ransomware cases and a 225% increase in associated losses from 2019 to 2020. Since the last report in 2020, the government has introduced StopRansomWare.gov and maintained the already established resources from:
Dept. of Treasury Office of Foreign Assets Control (OFAC)
Dept. of Treasury Office of Cyber Security and Critical Infrastructure Protection (OCCIP)
Dept. of Treasury Financial Crimes Enforcement Network (FinCEN)
Federal Bureau of Investigation Cyber Task Force
Secret Service Cyber Fraud Task Force
Cybersecurity and Infrastructure Security Agency (CISA)
Homeland Security Investigations Field Office
StopRansomWare.gov offers a variety of resources, including the extremely valuable ransomware guide. The guide, prepared by CISA, is split into two sections: Ransomware Prevention Best Practices and Ransomware Response Checklist.
Ransomware Prevention Best Practices
CISA offers excellent in-depth recommendations for understanding how ransomware attacks happen and how to structure digital databases to be as secure as possible. CISA offers guidance on how information should be encrypted and backed up in case any of the victim's structures need to be rebuilt after an attack. There is also discussion of building a response plan, called a Cyber Incident Response Plan, with a notification system that informs the necessary employees and federal agencies as soon as any suspicious activity is noticed.
CISA then details the best practices for building defenses and response systems that directly address each possible ransomware infection vector. The infection vectors, or methods by which the ransomware infects a system, mentioned are:
Internet-Facing Vulnerabilities and Misconfigurations;
Precursor Malware Infection; and
Third Parties and Managed Service Providers.
The last portion of this section details very clear steps for building roadblocks against potential ransomware attacks. These methods include network segmentation, building a network diagram to help incident response teams react more quickly, and strengthening cloud security systems.
Ransomware Response Checklist
There are 19 steps that each victim of a ransomware attack must immediately and methodically move through once the attack is detected. Broadly, the sequence has three phases: Detection and Analysis; Containment and Eradication; and Recovery and Post-Incident Activity.
CISA also offers two sets of contacts that will offer guidance once an attack has been detected or is suspected.
Federal Asset Response Contacts
The Cybersecurity Advisor of CISA offers specific guidance to help evaluate and remediate ransomware incidents. This includes remote assistance with identifying the exact extent of the breach as well as analysis of the infection vectors.
Federal Threat Response Contacts
The Federal Bureau of Investigation (FBI) and the U.S. Secret Service assist in conducting a criminal investigation and collect relevant incident artifacts including models of the system structure and samples of any malware used.
Be sure to check out our videos on our website and on our YouTube page.