US cybersecurity officials have unveiled a new program that warns critical American companies about ransomware attacks.
Eric Goldstein, a senior official with the US Cybersecurity and Infrastructure Security Agency, said that the new federal program was necessary because of 'the pace and impact of (ransomware), intrusions still being unacceptable.
Ransomware attacks like the 2021 incident, which temporarily shut down America's largest oil pipeline, disrupted key services and have become a national security concern for the Biden administration.
Federal officials and private investigators have struggled to contact hospitals and universities in recent years, in the critical window between the time a hacker gains network access and the time they lock it up and demand a ransom of multimillion dollars.
CISA's new program aims to change this. The agency claims to have notified 60 organizations, including key sectors such as healthcare and water, that ransomware could be a problem. Goldstein stated that many were able stop their systems being encrypted. He said that in other cases, however, they were able to assist the hackers in time but not stop them from taking action.
It is simple and relies on backchannels between government officials, researchers, and potential victims.
A lot of the warning signs that a ransomware attack could be imminent are known, including a compromised computer in an organization that is online. CISA offers an email tip line for cybersecurity professionals that can flag such vulnerabilities. The agency then rushes in to contact the hacker before they become extorted.
Although the FBI has over 50 field offices in the United States, CISA has less personnel that can go door-to-door and respond to security emergencies. Goldstein stated that the agency has increased the number of advisers who are available to call or text companies in order to warn them about ransomware.
If the program is to be successful, it will need to have strong connections between federal employees and local schools or companies.
Allan Liska is a ransomware expert at cybersecurity firm Recorded Future. He recalled how he tried to contact a Midwest municipal government in 2021, which he believed had been compromised. Liska was unable to reach the correct person at the town government. He said that a ransomware gang had listed the town online as a victim.
Liska stated that ransomware was like the Travis Kelce malware. This refers to the Super Bowl-winning Kansas City Chiefs tight ending. It is a fact that everyone knows it's coming but very few organizations are able to stop it.
The ransomware problem has been attacked by the US on many fronts. They have arrested alleged cybercriminals and sanctioned cryptocurrency services. There are indications that hackers are being paid less by victims. Ransomware revenue fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis.