Attorneys general have a critical and multi-faceted role in combatting cybercrime and addressing public and private sector cybersecurity issues. Recently, threat actors have exploited security vulnerabilities to launch ransomware attacks on governments, healthcare facilities, supply chains, and critical infrastructure. These resources are focused on aiding attorney general offices and the public in understanding, preventing, and combatting the ransomware threat.
What is Ransomware?
Ransomware is a type of malicious software, or malware, that encrypts a victim’s files and data. Perpetrators demand a ransom to be paid with cryptocurrency in exchange for the decryption key. Even when the ransom is paid, there is no guarantee that the decryption key will work, that the data will not be encrypted, or that the data has not been copied and exposed. Victim organizations are discouraged from paying the ransom to disincentivize future attacks. Forensics and data recovery specialists are often retained to assist in remediation and recovery efforts.
How is Ransomware Spread?
Ransomware is commonly spread through phishing emails that contain malicious attachments, such as PDFs or Word documents, or links to websites containing malware. It is also spread by unknowingly visiting infected websites or clicking on malicious advertisements, known as malvertisements.
How to Protect Against Ransomware
Every organization is at risk of cyber intrusions and disruptions. To mitigate the risk and minimize the attack surface, cybersecurity experts recommend businesses and organizations implement the following processes and procedures:
- Use multifactor authentication
- Deploy endpoint detection and response tools to protect the network.
- Encrypt data so that if stolen, it is indecipherable.
- Utilize a skilled and empowered security team to monitor network security and respond to security events.
- Maintain and regularly test backups and system images for rapid recovery.
- Regularly update and install patches on software, operating systems, and infrastructure to address known vulnerabilities.
- Segment business and operational networks so that unaffected systems can be isolated and continue operating without disruption.
- Create and regularly test an organizational Incident Response Plan to maintain readiness.
- Utilize a third-party auditor to evaluate security controls, policies, and practices to identify vulnerabilities.
Attorneys General on Ransomware
Attorneys general are actively engaged with state, federal, and international partners on efforts to combat ransomware. On June 2, 2021, a bipartisan group of attorneys general met with Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology, to discuss ways to address ransomware. A readout of that meeting and related resources are listed below:
- AG Tong Alerts Businesses and Government Entities to Take Prompt Action to Protect Operations and Personal Information
- Readout of Deputy National Security Advisor for Cyber Anne Neuberger Meeting with the Bipartisan National Association of Attorneys General
- What We Urge You To Do To Protect Against The Threat of Ransomware
Explore the resources below to better understand, prevent, and combat ransomware.
Cybersecurity and Infrastructure Security Agency
Federal Bureau of Investigation
National Institute of Standards and Technology
New Jersey Cybersecurity & Communications Integration Cell
No More Ransom!