By Jill Bright | Guest Author Diana Hoffman | Chicago Title
The Cybersecurity and Infrastructure Security Agency (CISA) has put together a comprehensive website that contains tools for victims. One of these tools is a Ransomware Guide which includes a comprehensive checklist for victims and is available on their website at https://www.cisa.gov/stopransomware/ransomware-guide.
There are plenty of private firms that offer forensic, incident response, and recovery services. In addition, the Federal Government has set up resources that companies can contact voluntarily for assistance. These resources offer two types of assistance.
- The first type of assistance is technical in nature. CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are agencies that have extensive knowledge of the tactics and variants criminals use to infiltrate their victims’ computers and networks. They may be able to provide technical details on the attack and recommend mitigation strategies and actions. The agencies can be contacted directly for assistance.
- The FBI and U.S. Secret Service are the agencies to contact to initiate a criminal investigation. They will investigate with the goal of bringing the perpetrators to justice while also investigating any links to other attacks and threats to our national security. Ransomware complaints can be filed directly with the FBI at https://www.ic3.gov/Home/Ransomware or with the Secret Service at https://www.secretservice.gov/contact/field-offices/.
The victim must decide whether they should pay the ransom or not. However, the federal government does not support the ransom payment in response to a ransomware attack. Paying the ransom does not guarantee the criminal will deliver the decryption software/keys or restore the stolen data. In addition, paying the ransom can also encourage the criminals to carry out more attacks and can attract new criminals looking to make a quick buck. It can also fund illicit activities or parties, in violation of the law. If the victim does not remediate the original vulnerability, the criminal may carry out the same ransomware attack again. More recently, in a twist on the typical ransomware scheme, criminals have exfiltrated sensitive data and threatened to sell or release the data on the black market unless a ransom is paid.
Whether a victim pays a ransom or not, the government still encourages victims to report the attack. This enables the government to track ransomware activity and link possible syndicates to other successful attacks. It also allows government agencies to share information with the private sector that may be helpful to prevent any future attacks.
Article provided by contributing author:
Diana Hoffman, Corporate Escrow Administrator
Fidelity National Title Group
National Escrow Administration