Best Practices for Reducing the Risk and Impact of Ransomware Attacks
In the wake of the Colonial Pipeline and JBS hacks, cybercrime and ransomware attacks continue to be top of mind for global corporations. As consumer purchasing moved to online transactions (digital trade) during the COVID-19 pandemic, the incidence of cybercrime also grew. FBI Director Christopher Wray recently compared the bureau’s shift to global ransomware threats to the agency’s shift to the threat of global terrorism after the 9/11 attacks. According to Wray, the FBI is currently investigating over 100 different software variants used in ransomware attacks.
As the digital economy grows, cyberattacks are increasing and federal investigations into cybercrime are growing at exponential rates. It’s now a business imperative for companies to have a disaster preparedness plan in place for cyberattacks & security breaches in order to mitigate risk and limit their liability. Pamela Clegg, Vice President of Financial Investigations for CipherTrace, recently appeared on News Nation to discuss the growth of cyberattacks and how companies and US lawmakers can address cybercrime. During the interview, Ms. Clegg delineated practical steps that companies can take to limit their exposure to cyberattacks (and the resulting damage to their reputation and brand.)
Best Practices to Minimize Cyber Hacks & Ransomware Attacks
There are several steps that companies can take to minimize the damage from cyberattacks. Preventative measures include:
- Prepare an incident response plan and have it on hand before an attack occurs.
- Choose an incident response firm using effective A blockchain—the technology underlying bitcoin and other c... More analytics and A cryptocurrency (or crypto currency) is a digital asset des... More intelligence software, such as CipherTrace, to track the cryptocurrency payments made to the hackers.
- Consider purchasing cybersecurity insurance.
- Gather as much information as possible about the hackers and the attack before making the ransom payment.
- Evaluate whether or not making a ransomware payment qualifies as a sanction violation. Sanctions violations can result in costly civil fines and even prison time for the ransomed party.
- Pay in Bitcoin is a digital currency (also called crypto-currency) ... More; avoid using anonymity-enhancing technology or privacy coins to pay ransoms.
- Report all ransomware attacks to national law enforcement.
“There’s a lot of information that you can gather within a relatively short amount of time, before deciding to make that payment. That’s where the incident response firms can step in and help,” noted Ms. Clegg.
“That’s where companies like CipherTrace can also step in and help. We can analyze payments that have already been made to that particular ransomware group or actor. Then we can make an informed decision about whether or not that payment may constitute a sanctions violation,” she added. “The Department of Treasury advised at the end of 2020 that payments made to sanctioned groups that are state entities can actually result in a sanctions violation for the victim.”
Law Enforcement and Remedies for Cyber Attacks
In addition to formulating an incident response plan, businesses should also work with lawmakers and international law enforcement agencies to prevent future attacks. There’s a valuable role that both public and private sector can play in working together to prevent cybercrimes.
“Information sharing is key here. We really need to see increased collaboration between the private and public sector. There’s a lot of information that is being held within the private sector—firms that continually deal with ransomware, “ said Ms. Clegg. “If we can combine forces between public and private sectors, that would be a huge bonus to businesses within the United States that are falling victim to this. Additionally, we need to increase our international cooperation at the law enforcement level. Even though we may be able to track cryptocurrency payments in real time as they move along the blockchain, law enforcement is still constrained in how quickly they can react within the current law enforcement framework that they have for international investigations.”
When ransomware attacks occur, it’s not just businesses and their reputations that suffer the consequences—consumers are also impacted. In the case of the Colonial Pipeline attack, consumers suffered increased gas prices as well as gas shortages.
To hear the complete interview from NewsNation, watch the video interview below:
FULL TRANSCRIPT OF INTERVIEW BELOW
Q: What do US companies need to do to prepare for Cyber Attacks now?
A: Companies really should expect to be a victim at some point. So—we have to have:
1) an incident response plan already on the books
2) They may also want to engage an incident response firm. That firm will most likely be using a cryptocurrency analytics tool like CipherTrace to be able to track that Cryptocurrency payment once that payment is made.
Q: So if you’re the CEO of a company, of course you should take the precaution & prepare. But once you’ve been hacked, the main objective is to get business back online again. So it’s understandable why they don’t wait for this investigation to play out, which may not even go anywhere. What other choice do they have it you’re in their shoes.
A: There’s a lot of information that you can gather within a relatively short amount of time, before deciding to make that payment. That’s where the incident response firms can step in and help. That’s where companies like CipherTrace can also step in and help. We can analyze payments that have already been made to that particular ransomeware group or actor.
Then we can make an informed decision about whether or not that payment may constitute a sanctions violation. Which is what we saw the Department of Treasury advise at the end of 2020, that payments made to sanctioned groups that are state entities, can actually result in a sanctions violation for the victim. (the victim in this particular case.)
Q: So the Hacker gets sanctioned, but that still doesn’t get the company’s business back, up and running again. Your firm does a lot of work, and we can understand that—but you can understand where the companies are coming from too when they are faced with paying a ransom to get back to doing business or waiting for sanctions, hiring a firm, etc. A lot of lawmakers are calling for a law against paying ransom. What role should Congress really play in preventing these attacks?
A: Information sharing is key here. We really need to see increased collaboration between private & public sector. There’s a lot of information that is being held within the private sector—firms that continually deal with ransomware. Then there is also segregated information that’s being held within the public sector. If we can combine forces between public and private sectors, that would be a huge bonus to businesses within the United States that are falling victim to this. Additionally, we need to increase our international cooperation at the law enforcement level. Even though we may be able to track cryptocurrency payments in real time as it moves along the blockchain, law enforcement is still constrained in how quickly they can react within the current law enforcement framework that they have for international investigations.
Q: The FBI is now treating these ransomware attacks as “acts of terror” what does that mean for the people who are caught carrying them out and does it mean anything at all for when they are in countries overseas and those countries are unwilling to extradite?
A: There are actors who are taking refuge in countries that are not cooperating with victims & countries who are bearing the brunt of the ransomware attacks. Throughout 2020, we saw ransomware attacks quadruple throughout the world. We saw an increase in ransomware payments of 100%. So, this is something that is of interest to the private sector because this is BIG money walking out the door. The payments could go to Terrorist activities, proliferation of weapons of mass destruction. It’s going to sources that ultimately, we may not actually know, the extent of the damage (that these funds could actually fund. )
Q: In the public sector, what are the implications of that on electric grids, water systems, security networks. Why should all of us be concerned, even if we are not directly affected?
A: I think we saw why a lot of us are concerned when Colonial Pipeline suffered their ransomware attack, and the East Coast was largely left without gas. We had a gas shortage for several days. This is something that impacts the overall economy, within the US and the Western world. It affects our pocketbooks, when we have these large organizations that have to payout these large ransoms– that is going to get passed along to the consumer.
CipherTrace is a proud member of the Ransomware Task Force. To learn more, download the report, Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations.