Sanctions Leave US Ransomware Victims with No Way Out
The US Treasury Department's Office of Foreign Assets Control ("OFAC") imposed multiple sanctions against a Russian-operated virtual currency exchange involved in ransomware payments. It issued an updated advisory on the sanction risks associated with ransomware payments.
Victimized organizations balance the risk and cost of stalled operations and encrypted data with federal watchdogs ready to act. Response and recovery are never going to be an easy process. Ransomware exists because organizations and cyber insurance companies are paying the perpetrators.
Ransomware attacks, in most cases, cause complete shutdowns of mission-critical functions. This has the same effect as business continuity events. As a result, business continuity planning is one of the best ways to prepare for the increasing likelihood that an organization will eventually fall victim to a ransomware attack. Without a solid business continuity plan, organizations are forced to pay threat actors and may face stiff sanctions or fines in the future.
A ransom payment is a negligible portion of the costs incurred by an organization following a ransomware attack. Added to the risk of reputation loss, fines, sanctions, downtime, and recovery expenses, organizations, and cyber insurance firms face uncertainty without clear direction on identifying threat actors for proper OFAC due diligence.
Biden-Harris Administration Warns
In response to the unprecedented economic sanctions imposed by the United States, the Biden-Harris Administration has repeatedly warned about the possibility of Russia engaging in malicious cyber activity against the United States. There is now growing evidence that Russia is considering cyberattack options.
The United States Government will continue to work to provide resources and tools to the private sector, including through CISA's Shields-Up campaign. While we will do everything possible to defend the Nation and respond to cyber-attacks, the private sector owns and operates much of the nation's critical infrastructure. Therefore, the private sector must act to protect the vital services on which all Americans rely.
Biden-Harris Administration and CISA Urge Companies To
Below you will find a list of guidance provided by the Biden-Harris Administration and CISA. CyberSecOp has assisted with the following list, along with other security frameworks found below.
Biden-Harris Administration and CISA List
Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities and change passwords across your networks so that previously stolen credentials are useless to malicious actors.
Back up your data and ensure you have offline backups beyond the reach of malicious actors.
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.
Encrypt your data so it cannot be used if it is stolen.
Educate your employees about common tactics that attackers will use over email or through websites and encourage them to report if their computers or phones have shown unusual behavior, such as uncommon crashes or operating very slowly.
Engage proactively with your local FBI field office or CISA Regional Office to establish relationships before cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI, to find technical information and other valuable resources.
Bolstering America’s cybersecurity over the long term
We also must focus on bolstering America’s cybersecurity over the long term. We encourage technology and software companies to:
Build security into your products from the ground up - “bake it in, don’t bolt it on” - protect your intellectual property and your customers’ privacy.
Develop software only on a highly secure system and accessible only to those working on a particular project. This will make it much harder for an intruder to jump from system to system, compromise a product, or steal your intellectual property.
Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and a malicious actor takes advantage of them.
Software developers are responsible for all code used in their products, including open-source code. Most software is built using many different components and libraries, which are open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Under that EO, all software the U.S. government purchases are now required to meet security standards in how it is built and deployed.
CyberSecOp Cybersecurity Services & Information Security Compliance assists organizations in developing mature cyber security, risk, and compliance programs according to PCI, HIPAA, SOC, GLBA, FISMA, ISO, NYDFS, NIST, and other security compliance mandates.