You’ve all seen the recent headlines dealing with ransomware attacks: the Colonial pipeline, global meatpacker JBS, and even the ferry service from Cape Cod to the neighboring islands of Nantucket and Martha’s Vineyard. For years, the federal government treated ransomware as a criminal menace — not as urgent as hacking by foreign spies. But after this spike of high-profile ransomware attacks that jarred the nation, the U.S. government now has begun framing the issue as a matter of national — and global — security.
Last week, the Biden administration said it’s going to treat ransomware attacks as a national security threat, using intelligence agencies to spy on foreign criminals and contemplating offensive cyber operations against hackers inside Russia. The U.S. Department of Justice is elevating investigations of ransomware attacks to a priority similar to that of terrorism. In fact, FBI Director Wray compared the ransomware challenge we are experiencing to the attack on 9/11.
In an open letter, the White House encouraged business leaders to act and to take defensive steps “to disrupt and deter” attacks that deploy ransomware. Last fall, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Ransomware Guide, a customer-centered, one-stop resource with best practices and ways to prevent, protect against, and/or respond to a ransomware attack. This guide, along with the other resources CISA provides, is a great reference that you can leverage to develop your ransomware defense and response strategies.
Some of the Ransomware Guide’s recommended security measures align well with Micro Focus solutions, including:
- Vulnerability scanning: For applications, Fortify DAST.
- Detection of both “precursor” malware and ransomware: ArcSight Intelligence for CrowdStrike, and ArcSight ESM.
- Data back-up and recovery: File Dynamics (Epoch Data Protection repository), ConnectMX, and Data Protector.
- Retain and adequately secure logs: ArcSight Recon.
- Cyber hygiene: For endpoints, ZENworks.
- Apply multi-factor authentication (MFA): Advanced Authentication.
Criminal ransomware rings have made it clear that they do not intend to slink away in the face of the U.S. government’s ramped-up efforts. And I honestly do not believe we’ll slow these attacks significantly until cryptocurrency exchanges operating offshore are compelled to report suspicious transactions, including the identities of the parties. It’s going to be a long, hard-fought battle that’ll continue to impact many organizations. Micro Focus is here to help.