Page 50 - FCW, November/December 2021
P. 50

Tech Spotlight Ransomware Existing tools for
a growing threat
Ransomware attacks against government agencies have exploded, but the defensive resources are multiplying as well
Ransomware is a long-standing risk; the first known incident dates back to 1989. That December, biologist Joseph Popp mailed infected floppy disks to some 20,000 individuals and medical institutions, disguising the software as a survey about the AIDS virus and then demanding $378 to per- manently reverse the encryption on a compromised computer.
Popp’s AIDS Trojan or PC Cyborg attack was primitive — the encryp- tion was relatively easy to defeat, and payments were to be mailed to a P.O. box in Panama — but it created the template for attacks that are growing more frequent and sophisticated. By 2008, ransomware was using 1024-bit encryption, making decryption all but impossible for most organizations. In 2013, the CryptoLocker variant intro- duced Bitcoin as the payment method of choice. By 2016, criminal organiza- tions were offering ransomware as a service, and in 2017, the WannaCry variant spread to systems in 150 coun- tries in a matter of days.
The Cybersecurity and Infrastruc- ture Security Agency states that 42% of public-sector organizations have suf- fered ransomware attacks in the past 12 months. Global research released in June by cybersecurity firm Sophos found that, among government orga- nizations hit with ransomware in the past year, 49% of “central government”
agencies and 69% of local governments said the cybercriminals succeeded in encrypting data.
The local government sector in par- ticular is “caught up in a vicious ran- somware circle, fueled by its inability to defend,” the Sophos report states. “As a result, local government is one of the sectors with the highest pro- pensity to pay the ransom — further encouraging attackers to target local government organizations.”
Federal agencies are generally better resourced and have more skilled secu- rity personnel. So while “this sector experienced above-average levels of attacks, it has one of the lowest levels of data encryption,” the report states. “It is also one of the sectors most able to restore data using backups.”
Increasingly, though, ransomware attackers are not only encrypting, but extorting — stealing an organization’s data and threatening to publicly release it unless a ransom is paid. Although strong file-backup strategies can miti- gate the risk from traditional attacks, “you can’t reclaim the confidentiality of sensitive papers posted on Paste- bin,” said Rex Booth, a senior adviser at CISA. “There’s no magic wand that we or anybody else has to reverse [ran- somware’s] impact once it’s occurred.”
The push to reduce ransomware
As a result, federal agencies are step-
ping up their efforts to help public- and private-sector organizations protect themselves from attack. In July, the departments of Justice, Homeland Security and other federal partners launched, a web- site that aims to be a one-stop shop for resources to help organizations miti- gate their ransomware risk.
“Cyber criminals have targeted crit- ical infrastructure, small businesses, hospitals, police departments, schools and more,” DHS Secretary Alejandro Mayorkas said when the site launched. “These attacks directly impact Ameri- cans’ daily lives and the security of our nation.”
The site consolidates ransomware information from all federal agencies, including the latest alerts and threats from CISA, the Secret Service, the FBI, the National Institute of Standards and
50 November/December 2021 FCW.COM

   48   49   50   51   52