Why Do States Take Various Steps to Stop Ransomware Attacks?

October 15, 2021

Thirty-one countries and representatives of the European Union, taking part in a two-day “ransomware summit” led by the US, have released a joint statement pledging to make systems more resilient against such attacks and outlining measures taken to disrupt the criminal groups involved.

So what prompted more than 30 countries to act on this issue? We continue to inform you about ransomware during Cyber Security Awareness Month. In this blog post, we will address the latest decision taken by countries to stop ransomware attacks after the summit that ended yesterday and the process leading up to that decision.  

More Than 30 Countries Outline Efforts to Stop Ransomware This Week

Thirty-one countries agreed that ransomware is a growing threat with significant security implications. Countries reiterated that ransomware requires a concerted response because of how complex the problem is.

Countries pledged to make systems more resilient through policy measures, more resources, clear management structures, well-rehearsed incident response procedures, trained workers, and private sector partnerships at the end of the two-day summit. In the shared statement, countries urged organizations to maintain offline data backups, request timely patches, and use stronger passwords with MFA.  

The statement mentioned other ways to limit the effectiveness of ransomware gangs, including disrupting payment networks. The countries said they plan to “block, monitor and block ransomware payment flows by national laws and regulations.” According to the statement, law enforcement and “financial intelligence units” will be deployed to help disrupt the ransomware business model.

The countries pledged to work together to “force others to do the same urgently to counter cybercriminal activity originating in our region and to eliminate safe havens for operators conducting such destructive and unstable operations.”

There Are Still No Nation-Level Ways to Fight

No measures have been taken so far at the state level against ransomware attacks. In recent months, the fallout from ransomware attacks has received widespread public attention.

After acute ransomware attacks, such as Colonial Pipeline, in July, President Joe Biden’s administration announced the creation of a multiagency task force to combat ransomware. It launched a new website to help companies and government agencies better protect themselves.

A report in Reuters refers to the administrative measures taken against ransomware attacks at the state level in the USA. However, no country in the world has a specially developed legal regulation or national level measure for these attacks.  

Some cybersecurity professionals are skeptical about states banning ransom payments and taking action against government-level ransomware attacks. According to a Pew Research article, for many local governments, it would cost a lot more money to start over from scratch and rebuild everything, not to mention all the data they would lose.

Dan Lohrmann, chief security officer for Security Mentor, says, “Even if governments were able to rebuild their systems, that doesn’t guarantee cybercriminals wouldn’t attack and sell the data on the dark web.”



How Can Governments Protect Themselves Against Ransomware Attacks?

Governments are particularly vulnerable to challenges in cyberspace, and they need specific guidance if they want to be more cyber-secure. To better capture the cyberattack landscape and offer concrete recommendations, the R Street Institute recently published a report called “Developing State and Local Cybersecurity Responses.”

After analyzing government incident reports, interviewing various practitioners and experts, and examining models of response and organization, the R Street Institute has compiled a list of best practices for governments.

The report emphasizes that continuing to argue for increased personnel and financial resources may be the first measure that can be taken to prevent ransomware attacks. According to a 2020 report by the National Association of State Information Officials, governments typically spend less than 3% of their IT budgets on cybersecurity.

While recovery from a cyberattack costs anywhere from $665,000 to $40.53 million, a cyber budget of only 2% is inadequate in today’s digital age.

Governments can strengthen their cybersecurity knowledge by building systems that leverage private sector resources. Having commercial cybersecurity assistance for sharing information and tools among employees can significantly improve existing protocols. Such knowledge-sharing practices can also strengthen cyber defense measures as they encourage a variety of approaches.

According to another recommendation cited in the report, public officials at all levels of government should also create a cyberattack response plan and a planning framework. Making each part of the plan as detailed as possible can increase cybersecurity capabilities for prevention and response in manageable, incremental steps. Educating government agencies to create better emergency planning structures by following best practices based on experience can make future challenges more manageable.

Governments can be better prepared by learning from each other. The better the information-sharing systems between the state and local levels, the better organizations can develop organic cyber response approaches and capabilities for more resilient structures.


