The USA is Under a 'Ransomware Siege'

U.S. crime-fighting agencies testified in front of Congress during the last week of July 2021, and the hearing had a chilling title: "America Under Cyber Siege: Preventing and Responding to Ransomware Attacks"

Since January 2021, ransomware attacks have disrupted critical infrastructure, the food supply, IT management, healthcare, education, transportation, and many other sectors of the economy.For the most part, criminal and nation-state actors continue to launch attacks with little fear of facing consequences.

What can the United States and private organizations do about these cyberattacks? Jeremy Sheridan, Assistant Director of the Office of Investigations at the United States Secret Service, offered some answers in his testimony. And he emphasized one thing the headlines already tell us:

"Year-over-year, the U.S. Secret Service has observed a marked uptick in the frequency, sophistication, and destructiveness of ransomware attacks against the American people."

3 reasons America is targeted with ransomware

Sheridan spoke to the U.S. Senate Judiciary Committee, and he explained what he views as the top three reasons America is under cyber siege through ransomware attacks:

1.0 "The swelling profitability of these attacks, in part as a result of the growth of cryptocurrencies as a form of extortion payment"

2.0 "The lack of adequate defenses on the part of many U.S.-based organizations"

3.0 "The maturation of a cybercriminal ecosystem that has grown more sophisticated and destructive over the decades, perpetrating increasingly brazen attacks"

What does this maturing cybercriminal ecosystem look like? Sheridan explains: "As the marketplace matured, criminals began sharing best practices for hacking, laundering illicit proceeds, and avoiding detection by law enforcement.

Cybercriminals who specialized in one particular area of cybercrime such as network intrusion, malware development, or money laundering began offering their products and services to others in exchange for a fee, or a percentage of the illicit proceeds of the scheme in which those products or services were to be used. Thus, the 'Ransomware-as-a-Service' industry was born, an industry upon which much of today’s ransomware environment depends.

This maturation coincided with, and in certain respects was the result of, two key technological developments. The first was the arrival of bitcoin as the first widely accepted cryptocurrency in 2009. Bitcoin, which is based on public-key cryptography and ongoing decentralized computation to form a blockchain, offered cybercriminals a novel means of accepting and transferring value, one that does not always comply with the oversight and controls placed on traditional banking and financial systems."

Sheridan says we must recognize that ransomware will be a serious threat for the foreseeable future and that there is no "silver bullet" available.

At Red Sky Alliance, we can help INFOSEC teams with services beginning with cyber threat notification, analysis and complete elimination of cyber threat from both the inside and outside of networks. Our team members will be happy to hold a brief call with your team to help them better prepare for cyberattacks, malware and ransomware. And what if this call led to savings in current duplicated services and forecasted need for additional personnel? The government is urging businesses to ensure they immediately implement practices.

The following is what Red Sky Alliance recommends:

All data in transmission and at rest should be encrypted.
Proper data back-up and off-site storage policies should be adopted and followed.
Implement 2-Factor authentication-company wide.
For USA readers, join and become active in your local Infragard chapter, there is no charge for membership. infragard.org
Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
Institute cyber threat and phishing training for all employees, with testing and updating.
Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
Ensure that all software updates and patches are installed immediately.
Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network.
Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings: