November 25th, 2021 by Admin

Organizations have the responsibility to protect the data they hold and safeguard their systems. This can be challenging, as technology changes in size and complexity, and as resources and workforces become more limited. Organizations must remain vigilant, as outside parties may attempt to gain unauthorized access to sensitive data through ransomware.

Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money. The bad actors use a range of tactics to gain unauthorized access to their victims’ data and systems, including exploiting unpatched vulnerabilities, taking advantage of weak or stolen credentials, and using social engineering. Access to the data and systems is restricted by the bad actors, and a ransom demand is made for the “safe return” of these digital assets.

There are several methods such actors use to restrict or eliminate legitimate access to resources, including encryption and deletion, modified access controls, and network-based denial of service attacks. In some cases, even after data access is restored, bad actors have demanded a “second ransom,” promising that its payment guarantees the deletion of victims’ sensitive data, instead of selling it or publicly releasing it.
Ransomware attacks are typically opportunistic in nature, targeting end users through emails, embedding malicious code within websites, or gaining access through unpatched systems. Ransomware can cost organizations a significant amount of resources in response and recovery, as well as impact their ability to operate.


November 17th, 2021 by Admin

Ransomware attacks—the use of malicious software to deny users access to data and information systems to extort ransom payments from victims—are prevalent. A recent notable example is the May 2021 ransomware attack that temporarily shut down the Colonial Pipeline Company’s network, affecting gasoline availability and prices. This attack is but one of many; in 2020 alone, the Federal Bureau of Investigation (FBI) received nearly 2,500 ransomware complaints with losses exceeding $29 million.

Federal law provides several potential approaches to combat ransomware attacks. First, federal criminal laws, such as the Computer Fraud and Abuse Act (CFAA), can be used to prosecute those who perpetrate ransomware attacks. These laws and others, such as the statutes criminalizing conspiracy and aiding and abetting, might also be used to prosecute individuals who help to develop ransomware that is ultimately used by others. Victims who pay ransoms might also be subject to criminal or civil penalties in some cases—for example, where a ransom payment is made knowingly to an entity either designated as a foreign terrorist organization or subject to sanctions by the Department of Treasury. Nevertheless, policy considerations, mitigating factors, and prosecutorial discretion may weigh against enforcement in such instances.

Second, federal cybersecurity laws play an important role in both preventing and responding to ransomware attacks. Cyber preparedness laws require federal agencies to secure their networks and authorize the Cybersecurity and Infrastructure Security Agency (CISA) and Office of Personnel Management (OPM) to establish federal network security requirements. Other cyber preparedness laws authorize federal agencies to assist private entities operating in critical infrastructure sectors in securing their systems. Moreover, many data protection laws include requirements for covered entities to safeguard customer or consumer data. If a ransomware attack or other cyber incident occurs, federal law requires CISA and other federal agencies to work together to mitigate harm to federal networks and authorizes them to assist private entities in incident response and damage mitigation.


September 15th, 2021 by Admin

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology.


September 14th, 2021 by Admin

The cyber threat landscape is highly dynamic and extremely difficult to keep pace with. Attackers are not only developing new techniques to evade security, but threats—such as spam, phishing, and malware—are growing in complexity and precision. The importance of having a robust defense against such attacks was highlighted by the SolarWinds breach, a large-scale hack of government and private information technology (IT) assets that became public in December 2020.


August 30th, 2021 by Admin

Protecting our personal information and cybersecurity is a demanding task for all web users. Protecting our laptop and desktop computers by installing and updating anti-virus security software will prevent the spread of malware.

