U.S. Government Launches One-Stop Ransomware Resource

U.S. Government Launches One-Stop Ransomware Resource

On Thursday, July 15th 2021, the United States Government announced the launch of StopRansomware.gov which provides resources to protect American businesses and communities from the ongoing response to ransomware attacks. Ransomware is an evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable – malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.[1]

Anyone with a computer connected to the internet is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. You can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that's embedded with malware. Most of the time, you don’t know your computer has been infected – you usually discover ransomware when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments.[2]

The U.S. Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS), together with federal partners, have launched StopRansomware.gov to help private and public organizations mitigate their ransomware risk. Malicious actors continue to adjust and evolve their ransomware tactics over time, and the U.S. Government, state and local governments, as well as the private sector remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses and other organizations. Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.

StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies. StopRansomware.gov reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack, by integrating federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies. StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the DOJ’s FBI, the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

Ransomware is a long-standing problem and a growing national security threat. The monetary value of ransom demands has increased, with some demands exceeding $1 million. Ransomware incidents have become more destructive and impactful in nature and scope. Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021, and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed. Many small businesses have yet to adequately protect their networks, and StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents, while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk [3].

The Cybersecurity and Infrastructure Security Agency (CISA) recommends the following precautions to protect users against the threat of ransomware:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  • Never click on links or open attachments in unsolicited emails. 
  • Back up data on a regular basis. Keep it on a separate device and store it offline.
  • Follow safe practices when using devices that connect to the Internet. Read Good Security Habits for additional details.

In addition, the U.S. Government also recommends that organizations employ the following best practices:

  • Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

[1] “United States Government Launches First One-Stop Ransomware...” Department of Homeland Security, 16 July 2021, www.dhs.gov/news/2021/07/14/united-states-government-launches-first-one-stop-ransomware-resource.
[2] “Ransomware.” FBI, FBI, 3 Apr. 2020, www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware.
[3] “United States Government Launches First One-Stop Ransomware...” Department of Homeland Security, 16 July 2021, www.dhs.gov/news/2021/07/14/united-states-government-launches-first-one-stop-ransomware-resource.