Good news for pentesters and network admins: US issues ransomware guidance asking biz to skill up security teams

New approach against malware pushers mirrors how American authorities handle terrorism cases

The White House has issued a communique to business leaders [PDF] urging them to take the threat of ransomware a bit more seriously.

The memo, from deputy national security advisor for Cyber and Emerging Technology Anne Neuberger, said the private sector has a “critical responsibility” to protect their businesses against ransomware.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” she said.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”

The advice that followed could best be described as typical infosec best practice. First on the list, businesses were urged to implement the five edicts in Biden's Improving the Nation’s Cybersecurity Executive Order. These include the use of multi-factor authentication, endpoint detection and response, encryption, and having a “skilled, empowered security team.”

Firms were also told to keep regular offline backups, segment their networks, promptly apply security patches, test their incident response plans, and use the services of a third-party penetration tester to identify any potential vulnerabilities missed by internal staffers.

Publication of the memo came after two devastating and high-profile ransomware attacks. The first, in May, affected the Colonial Pipeline company, which supplies almost 45 per cent of fuel to the US East Coast. The security incident, which was allegedly resolved after the company paid a $4.4m ransom to the attackers, resulted in temporary shortages of petrol across much of the southeast of the country, as well as rampant panic-buying.

More recently, Ireland's nationalised health service was forced to close down its IT systems after a "human-operated" Conti ransomware attack. And JBS Foods, the world’s largest meat producer, was forced to close packing and processing facilities in North America and Australia after it fell victim to a ransomware attack. On Wednesday, the FBI named prolific Russian cybercriminal group REvil (also known as Sodinokibi) as the likely culprit.

On Thursday, the Biden Administration issued guidance to US attorney’s offices instructing them to coordinate investigations with a central task force, based in Washington DC.

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the note, which was obtained by Reuters.

This approach mirrors how American authorities handle terrorism cases.

The guidance also instructed U.S. Attorneys to inform the central task force when investigating cases involving: counter anti-virus services, online forums or marketplaces trading in illicit wares, botnets, “bulletproof” hosting services, online money laundering platforms, and cryptocurrencies.

Ransomware attacks went up almost fivefold in volume in 2020 compared to the prior year, or so said Bitdefender's Consumer Threat Landscape Report. According to reports this week, cyber insurance premiums went up 27 per cent in January from 2020 levels. ®
