America’s National Cyber Investigative Joint Task Force (NCIJTF) has released a new joint-seal fact sheet in a bid to raise public awareness about ransomware.
The sheet was created to publicize both the current threat posed by this particular type of malware and detail the United States government’s response. In addition, the document describes common infection vectors, tools for attack prevention, and who to contact in the event of a ransomware attack.
To produce the sheet, the NCIJTF pulled together an interagency group of subject-matter experts from over 15 different government agencies.
The group’s advice on the best way to minimize ransomware risks was to “backup your data, system images, and configurations, test your backups, and keep the backups offline.”
Use of multi-factor authentication was advised along with updating and patching systems and making sure security solutions are up to date. The group also recommended having an incident-response plan and reviewing and exercising it.
According to the NCIJTF, an estimated minimum of $144.35m in Bitcoin has been paid out as ransomware ransom between 2013 and 2019.
“While fact sheets such as this may not be particularly helpful, it’s certainly good to see the government becoming increasingly proactive in relation to the ransomware problem. Every little bit helps,” Emsisoft’s Brett Callow told Infosecurity Magazine.
“It’s also good to see direct action against cybercrime groups enjoying some success with the recent disruptions of Emotet and NetWalker. Combatting threats requires action on multiple fronts–education, enforcement, policy–and, in combination, these measures may eventually see a reduction in cybercrime.”
In a statement released today, the FBI said that the federal government was particularly concerned about ransomware attacks on the networks of police and fire departments; state, local, tribal, and territorial governments; municipalities; hospitals; and other critical infrastructure.
The Bureau said: “These types of attacks can delay first responders in responding to emergencies or prevent a hospital from accessing lifesaving equipment. It is imperative these organization be prepared in the face of the ransomware threat.”
The FBI advises those hit by ransomware not to pay up as doing so will not guarantee the recovery of those files encrypted by the criminals.