Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
206726 ZDNET 2021-4-30:
Ransomware is now a national security risk. This group thinks it knows how to defeat it
1.000 Find similar Compare side-by-side
206969 ARSTECHNICA 2021-5-1:
An ambitious plan to tackle ransomware faces long odds
0.857 0.613 Find similar Compare side-by-side
206682 VENTUREBEAT 2021-4-30:
Ransomware task force unveils broad manifesto for fighting back
0.689 0.599 Find similar Compare side-by-side
206778 VENTUREBEAT 2021-4-29:
It’s now or never: Society must respond to the ransomware crisis
0.569 0.575 Find similar Compare side-by-side
206638 ZDNET 2021-4-27:
Ransomware extortion demands are growing, and so is the downtime caused by attacks
0.559 Find similar Compare side-by-side
206466 TECHREPUBLIC 2021-4-28:
Ransomware attack hits Washington, D.C. police department
0.153 0.475 Find similar Compare side-by-side
206702 VENTUREBEAT 2021-4-29:
Government and industry to combat ransomware with Bitcoin regulation
0.298 0.471 Find similar Compare side-by-side
206520 ARSTECHNICA 2021-4-28:
Ransomware crooks threaten to ID informants if cops don’t pay up
0.014 0.388 Find similar Compare side-by-side
206565 TECHREPUBLIC 2021-4-27:
Senator discusses priorities for advancing national cybersecurity legislation
0.384 Find similar Compare side-by-side
206648 ZDNET 2021-4-27:
FBI: Russian hackers are still trying to break into networks, here's how to protect yours from attack
0.333 Find similar Compare side-by-side
206569 ZDNET 2021-4-27:
UnitingCare Queensland security incident takes some systems offline
0.290 Find similar Compare side-by-side
207141 ZDNET 2021-5-3:
Facebook, Google, Twitter caution Australia against a blanket terrorism content ban
0.228 Find similar Compare side-by-side
207121 ZDNET 2021-5-3:
Acer Australia's full-year profit continues downward trend despite revenue uptick
0.219 Find similar Compare side-by-side
206422 ZDNET 2021-4-28:
Emotet botnet harvested 4.3 million email addresses. Now the FBI is using Have I Been Pwned to alert the victims
0.212 Find similar Compare side-by-side
206700 ZDNET 2021-4-30:
AFP issues search warrant following alleged dodgy tech support scheme
0.209 Find similar Compare side-by-side
206745 ARSTECHNICA 2021-4-29:
Conspiracy theorist said death threats were “jokes”—but jury didn’t buy it
0.207 Find similar Compare side-by-side
206659 ZDNET 2021-4-28:
COVID-19, WFH prompts spike in cyberattacks against banks, insurers
0.201 Find similar Compare side-by-side
206662 ZDNET 2021-4-28:
Microsoft mulls over tweaks to threat data, code-sharing scheme following Exchange Server debacle
0.201 Find similar Compare side-by-side
206714 VENTUREBEAT 2021-4-29:
AI-powered cybersecurity platform Vectra AI raises $130M
0.200 Find similar Compare side-by-side
206474 VENTUREBEAT 2021-4-27:
Cigent Technology melds security and storage to protect sensitive data
0.200 Find similar Compare side-by-side
206839 ZDNET 2021-4-29:
Accenture acquires French cybersecurity firm Openminded
0.198 Find similar Compare side-by-side
206828 ZDNET 2021-4-29:
Fintech Committee asks for separate software R&D scheme for Australia
0.193 Find similar Compare side-by-side
206711 ZDNET 2021-4-30:
Australia's eSafety and the uphill battle of regulating the ever-changing online realm
0.191 Find similar Compare side-by-side
206951 ARSTECHNICA 2021-4-30:
Mysterious health attacks like those seen in Cuba have come to DC
0.190 Find similar Compare side-by-side
206850 ZDNET 2021-4-30:
Home Affairs' online team referred over 1,500 violent or extremist items for take-down
0.186 Find similar Compare side-by-side

1

ID: 206726

URL: https://www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/

Date: 2021-04-30

Ransomware is now a national security risk. This group thinks it knows how to defeat it

Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks. Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns. A paper by the Institute for Security and Technology's (IST) Ransomware Task Force (RTF)  – a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others – has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe. Members of the group include Microsoft, Palo Alto Networks, the Global Cyber Alliance, FireEye, Crowdstrike, the US Department of Justice, Europol and the UK's National Crime Agency. A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)   Some of the solutions suggested include governments giving a helping hand to organisations affected by ransomware and providing them with the required cybersecurity support so they don't fall victim in the first place. Others focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims. Ransomware attacks involve cyber criminals compromising the networks of organisations – often via phishing attacks, stolen Remote Desktop Protocol (RDP) credentials or exploiting software vulnerabilities – and then encrypting as many files and servers with malware as possible. Organisations will in many cases only become aware they've been infected when they see a ransom note on the screens of machines across their network. Often, the victims feel as if they've got no option but to pay the ransom – which can amount to millions of dollars – in order to restore the network. Ransomware has been around for a number of years, but the cyber criminals behind the attacks are getting bolder, demanding ever-growing ransoms from targets and in many cases blackmailing organisations into payment by threatening to leak sensitive data stolen from the compromised network. And it isn't just sophisticated criminal gangs that are causing problems; the rise of ransomware as a service means that almost anyone with the skills required to navigate underground forums on the dark web can acquire and use ransomware, safe in the knowledge that they'll probably never face being arrested for their actions. "The tools are available to malicious actors to ramp up the scale of what they want to do and be able to get away with it. That's what happens as technology diffuses into society and you have inadvertent ramifications which have to be dealt with," says Philip Reiner, executive director of the RTF and CEO of IST. "We're grappling with that as a global society and we have to come up with better solutions for the problems it presents. " Ransomware isn't new, it's existed in one form of another for decades and the threat has been rising over the past five years in particular. While it's perceived as a cybersecurity problem, a ransomware attack has much wider ramifications than just taking computer networks offline. Ransomware attacks are increasingly targeting critical infrastructure, and crucially, over the course of the past year, healthcare.  But many organisations still aren't taking the necessary precautions to protect against ransomware, such as applying security patches, backing up the network or avoiding the use of default login credentials. These concerns are viewed as issues for IT alone, when in reality it's a risk that needs the focus of the entire business. "We have to stop seeing leaders think of this as a niche computer problem; it's not, it's a whole business event. You should think about ransomware in the same way you think about flooding or a hurricane – this is a thing that will close your business down," says Jen Ellis, vice president of community and public affairs at Rapid7 and one of the RTF working group co-chairs. "But we don't. We think about it as a niche computer event and we don't recognise the impact it has on the entire business. We don't recognise the impact it has on society." In 2017, the global WannaCry attack demonstrated the impact ransomware can have on people's everyday lives when National Health Service (NHS) hospitals across the UK fell victim to the attack, forcing the cancellation of appointments and people who came for treatment being turned away. But years later, the problem of ransomware has got worse and in some cases hospitals around the world are now actively being targeted by cyber criminals. "You would think there would be no greater wake-up call than that, yet here we are years later having these same conversations. There's a real problem with how people think about and categorise ransomware," says Ellis. To help organisations recognise the threat posed by ransomware – no matter the sector their organisation is in – the RTF paper recommends that ransomware is designated a national security threat and accompanied by a sustained public-private campaign alerting businesses to the risks of ransomware, as well as helping organisations prepare for being faced with an attack. But the Ransomware Task Force isn't just suggesting that governments, cybersecurity companies and industry are there to help organisations know what to do if faced by a ransomware attack – one of the key recommendations of the report is for cybersecurity companies and law enforcement to take the fight to the cyber-criminal groups behind the attacks. A recent operation involving Europol, the FBI and other law enforcement agencies around the world resulted in the takedown of Emotet, a prolific malware botnet used by cyber criminals – and something that had become a key component of many ransomware attacks. Many cyber criminals switched to using other malware like Trickbot, but some will have taken the fall of Emotet as a sign to give up, because finding new tools makes it that little bit harder to make money from ransomware. "If you're screwing with infrastructure, like going after Emotet, you're making it harder," says Chris Painter, president of the Global Forum on Cyber Expertise and former senior director for cyber policy at the White House. In line with this, the paper recommends that the pace of infrastructure takedowns and the disruption of ransomware operations should increase – ultimately with the aim of arrests and bringing criminals who develop and deploy ransomware to justice. Here's what they did next, and why they didn't pay upIt's notoriously difficult to apprehend members of ransomware groups, especially when it's an international problem. More often than not, the organisation that comes under a ransomware attack faces an extortion demand from someone who is in another country entirely. And that's a particular problem for European and North American governments, when large quantities of ransomware attacks by some of the most prolific groups appear to originate from Russia and former-Soviet states – countries that are highly unlikely to extradite suspected cyber criminals. But identifying cyber criminals isn't impossible – the United States has indicted individuals from Russia for the NotPetya cyberattacks, as well as naming and shaming three North Koreans for their involvement in the WannaCry ransomware attack. Meanwhile, Europol has previously arrested individuals for being involved in ransomware attacks, demonstrating that, while difficult, it isn't impossible to track cyber criminals down and bring them to justice. One key factor that has allowed ransomware to succeed is that attackers are able to demand payments in Bitcoin and other cryptocurrency. The nature of cryptocurrency means that transactions are difficult to trace and, by the time the Bitcoin has been laundered, it's almost impossible to trace back to the perpetrator of a ransomware attack. The Ransomware Task Force suggests that in order to make it more difficult for cyber criminals to cash out their illicit earnings, there needs to be disruption of the system that facilities the payment of ransoms – and that means regulating Bitcoin and other cryptocurrency. "It's recognising that cryptocurrency has a place and there's a reason for it, but also recognising that it's notoriously being used by criminals – is there more that can be done there to make it harder for criminals to use it, or make it less advantageous to them," says Ellis. Recommendations in the report for decreasing criminal profits include requiring cryptocurrency exchanges to comply with existing laws and to encourage information exchange with law enforcement. The idea is that by applying additional regulation to cryptocurrency, it allows legitimate investors and users to continue using the likes of Bitcoin and Monero, but makes it harder for cyber criminals and ransomware gangs to use it as an easy means of cashing what they've extorted out of victims – to the extent that, if it's too difficult, they won't bother with attacks in the first place. "If they're using cryptocurrencies as a way to hide, if you have more compliance with existing regulations, it makes it tougher for them," says Painter. The paper offers 48 recommendations and has been presented to the White House. It's hoped that with cooperation across the board, businesses can be provided with the tools required to prevent ransomware attacks, governments can get more hands-on with providing help, and law enforcement can hunt down ransomware attackers – but it's only going to work if ransomware is viewed as global problem, rather than one for individual organisations or governments to fight alone. "What's really important is that this has an international perspective on it, because it's not an American problem , it's an international problem," says Reiner.