
Fighting Ransomware
ONC Editorial

Dec 02, 2023

America’s citizens, businesses and agencies are vulnerable to cyber blackmail, and we’re not doing enough to protect ourselves. (The opinions expressed in this piece are those of the individual author, Sayyed H. Razmjo.)

Big Picture

Blackmail with extreme reach — that’s ransomware. It’s a type of malware that employs encryption and engineering techniques to gain unauthorized access to a victim’s data. It then threatens to publish the data unless a ransom is paid.

Ransomware attacks are increasingly used by cybercriminals to force people, organizations, businesses and even government agencies to pay a ransom in return for the proper tools and decryption keys to restore their sensitive data. As the U.S. is advancing towards further digitization, these types of attacks are expected to inflict tremendous damage to America’s economy, critical infrastructure and privacy. 

We need to be prepared.

Operative Definitions

  1. Cryptography: Derived from the Greek word “kryptos,” meaning “hidden,” cryptography is the study of secure communication techniques and algorithms that ensure messages are confidential.
  2. Cryptovirology: A field in computer science focusing on how cryptography can be used to design, implement and write powerful, malicious software. 

Important Facts & Statistics

  1. By the end of 2021, ransomware attacks had cost more than $21 billion in economic damage. This number is greater when accounting for productivity and reputation loss, and for data and network restoration costs.
  2. On average, an organization somewhere on the globe is targeted by ransomware attacks every 11 seconds.
  3. Since 2016, 4,000 ransomware attacks have occurred daily in the U.S. 
  4. In 2021, the largest ransomware payout by an insurance company to date, $40 million, was recorded.
  5. By the end of 2020, 33% of all cyber attacks against governmental agencies were ransomware attacks. 
  6. Only around 38% of U.S. local and state government employees are educated and trained in ransomware attack mitigation and prevention techniques. 

Five-Point Plan

(1) Increase cyber policing. Ransomware attacks are effective partly because cybercriminals don’t perceive much risk. Thanks to cryptocurrencies, untraceable browsers and other methods of going anonymous on the internet, attackers have been able to execute their malicious activities without much concern about being traced or caught. Cyber police, law enforcement and intelligence agencies must be more offensive in identifying and capturing cybercriminal groups. U.S. intelligence agencies have unmatched offensive firepower in cyberspace, so let’s use it. Since some ransomware attacks originate outside the jurisdiction of the U.S., international cooperation between intelligence agencies is required to bring down criminals. States that do not comply with the common rules and regulations, or states that use ransomware themselves, should be isolated and pressured through diplomatic talks, economic sanctions and other political and economic means.

(2) Educate people. Statistics reveal that 95 percent of all cyber breaches can be traced back to human error. Moreover, data on ransomware show that one in every 6,000 emails contains malicious links or attachments. It’s no surprise that a majority of ransomware attacks are carried out through social engineering and phishing emails. One of the best solutions is educating and training individuals and employees about general cyber threats, especially ransomware. Universities should start requiring fundamentals of cybersecurity as part of their core curriculum. Similarly, organizations should offer regular cybersecurity training to their employees. The government must increase funding for cybersecurity research and training programs.

(3) Maintain regular data backups. Data backups are the single most important security measure against ransomware attacks. Although cybercriminals are ramping up new techniques of data exfiltration and leakages, keeping backups at least ensures that no important data is lost. It is important to keep the data backups offline and encrypted to ensure maximum security. 

(4) New laws and regulations regarding cybersecurity. Last year, a new cybersecurity law was passed: The Strengthening American Cybersecurity Act. This law requires critical infrastructure companies and civilian federal agencies to report “substantial” cyber breaches to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It specifies that ransomware incidents must be reported within 24 hours. This is good progress, but work remains to be done. While roughly 85 percent of the critical infrastructure is managed by the private sector, there is no single law requiring minimum cybersecurity practices in the U.S. Companies are left with their own preferences in implementing their cybersecurity practices. This is why more than 50 percent of all private organizations do not even have a cybersecurity incident response team. New cybersecurity laws must be implemented, requiring all legally recognized companies with sensitive data to meet a minimum cybersecurity standard. 

(5) Start building infrastructure, products and applications with core security as the priority. Due to the fast-paced, competitive nature of the U.S. economic market, businesses build infrastructure, products and applications with an eye towards minimizing production time. To some extent, this is a good thing: it encourages further growth and market competitiveness. However, it also causes developers to neglect wise security measures. The U.S. government should encourage and even require companies to prioritize security over other principles of production.

Why This Initiative Is Important

Ransomware attacks are a grave threat to American security. Cybercriminals are innovative, developing novel techniques to enhance the destructive power of ransomware attacks, and they are constantly looking for new targets. Data theft, economic loss and critical infrastructure damage follow. Computers and automated machines are embedded in the transportation, energy, nuclear, healthcare and education sectors more than ever, and any successful ransomware attack, or any other type of cyber attack, on these sectors could be catastrophic.

Acknowledgements

The following student worked on this proposal: Sayyed H. Razmjo.

Sources

“Cybersecurity Legislation for Enhanced Cyber Incident Reporting Passes Senate, Awaits House Vote.” CPO Magazine, 8 Mar. 2022, https://www.cpomagazine.com/cyber-security/cybersecurity-legislation-for-enhanced-cyber-incident-reporting-passes-senate-awaits-house-vote/

Sobers, Rob. “81 Ransomware Statistics, Data, Trends and Facts for 2021.” Varonis, https://www.varonis.com/blog/ransomware-statistics-2021.

“The Strengthening American Cybersecurity Act: What to Know and How to Comply.” Center for Digital Government, 2022, https://papers.govtech.com/The-Strengthening-American-Cybersecurity-Act-What-to-Know-and-How-to-Comply-141446.
