BAS Blog

Ransomware Attacks

Written by BAS | May 26, 2022 3:36:32 PM

Ransomware attacks continue to plague companies throughout the world. Ransomware is malware that encrypts a computer system and related data, making the system unusable and the data unreadable. The cybercriminal behind the attack asks for money, usually in cryptocurrency, in exchange for a key to decrypt the systems and data. Sometimes attackers first steal sensitive data and then encrypt the victim’s systems, threatening to release the stolen information if the victim refuses to pay the ransom.

The Senate Committee on Homeland Security and Governmental Affairs released a report providing information about attacks on three American companies by REvil, a Russia-based ransomware group. The report details the experiences of the three companies during the incident response. The goal of the report is to present information companies can use to prepare for and respond to ransomware attacks.

The report finds:

  • All organizations, regardless of size and sophistication, are susceptible to ransomware attacks.
  • Ransomware groups often use phishing attacks to gain initial access to victim networks.
  • In past ransomware attacks, multifactor authentication, zero trust principles, and network segmentation helped prevent attackers from gaining or increasing access to sensitive data in a victim’s networks.
  • When attackers did get in, maintaining offline backups and a well-defined incident response plan helped victims resume critical operations quickly without paying a ransom.
  • The laws and regulations at the time discouraged victims from sharing information with other potential victims that could prevent future ransomware attacks.
  • In two cases reviewed, the FBI prioritized its investigative and prosecutorial efforts to disrupt attacker operations over victims’ need to protect data and mitigate damage.
  • Until recently, there was no Federal agency charged with collecting and tracking reports of cyber incidents to prevent and mitigate future attacks.

A copy of the report may be accessed by clicking here.