The Ransomware Plague Continues, but the Response Model Is Changing

Ransomware is a term that has entered popular speech as it has echoed across the front pages of newspapers and the internet. While most people might not understand exactly how ransomware works, or how it might be launched by a “Zero Day” exploit, they understand it locks the holder out of computers that store highly sensitive information ranging from a company’s intellectual property to the private personal information of consumers, medical patients, and others like them. Individuals fear the disclosure of that information and potential identity theft. Government fears the national security impact on our critical infrastructure and electoral politics when state-sponsored or protected actors block access to the data that runs modern society.

Both consumers and government agents are all too aware, for example, of the recent Colonial Pipeline ransomware incident, where a gang of cyber thieves protected by the government of Russia was able to shut down East Coast gasoline deliveries for a period of days. Besides the inconvenience, the incident highlights the potential disruption of our transportation, health care, and communication systems if a hostile nation were to launch a successful full-scale cyberattack against the U.S.

Both the public and private sectors have responded. On Sept. 30, 2020, the Cybersecurity & Infrastructure Security Agency (CISA), acting in tandem with the Multi-State Information Sharing & Analysis Center (MSISAC), released a joint Ransomware Guide. The Guide outlined the best practices to assist in preventing and protecting against a ransomware attack and, assuming that an attack had occurred, minimizing its effect and fostering recovery. The Stop Ransomware campaign describes what ransomware is and how to prevent and respond to it with a ubiquitous “tool kit.”