Last month, the Biden administration announced further plans to protect organizations from the growing threat of ransomware, and to punish the criminals responsible for such attacks.
The new initiatives include a State Department program that offers rewards of up to $10 million for anyone who provides information that helps prevent or punish criminal hackers who conduct ransomware attacks.
It complements the Rewards for Justice program, which is aimed at combating international terrorism – perhaps fitting given the damage that ransomware can cause not only to affected organizations but to society as a whole.
Consider, for example, the fallout of the attack on Colonial Pipeline. In May 2021, the DarkSide ransomware gang infiltrated the fuel supplier’s systems, forcing the organisation to halt its operation.
It led to news reports of gas stations running low on fuel and people hoarding supplies – often in buckets, plastic bags and other unsafe containers.
After initially stating that it wouldn’t negotiate with the attackers, Colonial eventually relented. Initial reports claimed that the organisation paid $5 million in bitcoin, but Colonial’s CEO Joseph Blount later confirmed that the fee was $4.4 million.
That may have been the most high-profile ransomware case in recent memory, but it is far from the only one. CWT Global paid a $4.5 million ransom last summer, while Brenntag, Travelex and the University of California at San Francisco have also made multi-million-dollar payments.
A four-pronged strategy
The US government’s cash reward scheme is only one of four strategies to tackle the threat of ransomware. It also plans to:
- Make it more difficult for ransomware gangs to transfer funds using cryptocurrency
- Encourage international cooperation in combating ransomware
- Help US organizations become more resilient against criminal hacking
Although we may see immediate benefits, a government spokesperson emphasized that this is a long-term project.
“This is a problem that’s built up over a number of years and it’s not something that will be solved in a moment,” the official said. “It won’t be turned off like a light switch. But we’re looking for meaningful, meaningful progress.”
The plans are the first published results of a government-wide effort to address the threat of ransomware, which was first reported in May.
The plans coincide with the formation of the RTF (Ransomware Task Force), which contains expertise from governments, software firms, cybersecurity vendors, non-profits, and academic institutions from across the world.
In an 81-page report published earlier this year, the group called for “aggressive and urgent action” against ransomware.
The RTF co-chair Jen Ellis said: “Citizens are being impacted by this every day. It’s having a huge impact on the economy and the ability for ordinary people to access critical services.
“Not only that but, really distressingly, the funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”
According to cyber security company Emsisoft, ransomware attacks cost organisations at least $42 billion (£30 billion) in business interruption and ransom payments last year – although it says the true cost may be as high as £122 billion.
The RTF recommends that governments make it mandatory for victims to report if they pay criminals. It also proposes that they:
- Designate ransomware attacks as a national security threat;
- Create a response and recovery fund to support ransomware victims and help them recover;
- Increase regulation of cryptocurrency services; and
- Exert pressure on nations that are complicit with, or refuse to take action against, domestic ransomware groups.
What happens when you come under attack?
These plans demonstrate just how important it is to prioritise the threat of ransomware. Part of that involves considering what will happen when you fall victim – because as we’ve seen time and again, even the most well-funded, well-prepared organizations come under attack.
What you must remember is that the faster you can respond, the smoother your recovery will be.
To help organizations manage this process, IT Governance USA has created its Cyber Security Incident Response Service.
Expert consultants will guide you through every step, from identifying the source of the breach and how to stem the damage to notifying the appropriate people and returning to business as usual.