This month is the 18th Annual National Cybersecurity Awareness Month in the United States, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance. This year’s theme is again “Do Your Part. #BeCyberSmart.” Being Cyber Smart includes awareness of current threats like business email compromise (BEC), phishing, ransomware, and supply chain compromise. This Alert addresses ransomware, which is one of today’s greatest threats.
Ransomware is a type of malware that encrypts data. Attackers then demand payment, usually in cryptocurrency, for a victim to get the decryption key and restore access to the data. Ransomware attackers also frequently exfiltrate (steal) a victim’s information and demand payment for not disclosing or selling the information.
Ransomware is a growing and evolving threat. For example, on Oct. 15, the U.S Treasury’s Financial Crimes Enforcement Network issued a report, Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021. It reported that “[t]he total value of suspicious activity reported in ransomware-related SARs [suspicious activity reports] during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million).” It also found $5.2 billion in payments to virtual currency wallets potentially tied to ransomware payments.
Following a number of high profile cyberattacks, including the Colonial Pipeline ransomware attack earlier this year, the federal government established a multiagency website, StopRansomWare, that provides combined resources for preventing, responding to, and recovering from ransomware. Resources include a wealth of information from federal agencies, like CISA’s Protecting Sensitive and Personal Information From Ransomware-Caused Data Breach and Ransomware Guide, published by CISA and the Multi-State Information Sharing & Analysis Center. It also includes a link to the National Institute of Standards and Technology’s (NIST) Ransomware Protection and Response website, which includes a list of comprehensive technical publications related to ransomware.
Preventing, responding to, and recovering from ransomware are important parts of comprehensive cybersecurity programs for businesses and organizations of all sizes. Cybersecurity Awareness Month is a good time to review and update plans in light of increasing ransomware threats and the new information resources listed in this Alert.