U.S. government ramps up fight against malware

Featured image

Share this article

U.S. Government Ramps Up Fight Against Malware - Paubox

 

The war on ransomware continues to escalate.

The year 2020 was historic for the global COVID-19 pandemic. Last year was also the worst year ever when it came to malicious software attacks on companies, governments, and organizations, including the SolarWinds hack, which recent HIPAA Critical podcast guest Greg Reber called “the biggest information breach that we’ve ever seen.”

The year 2021, it seems, is on track to be even worse.

A united federal front

In the past few months, the U.S. government has massively stepped up its efforts to combat ransomware, enlisting a wide range of federal agencies.

In April, the Ransomware and Digital Extortion Task Force was formed, bringing together FBI agents and Justice Department prosecutors to coordinate the U.S. response to ransom attacks.

The Department of Homeland Security (DHS), meanwhile, launched a multi-phase cybersecurity initiative, with one of the first 60-day sprints dedicated to ransomware.

Even the largely independent National Institute of Standards and Technology (NIST) launched an information campaign against ransomware.

A ransomware epidemic

Ransomware attacks have had a massive impact on the American economy, and even everyday citizens.

A major American oil pipeline was knocked offline by ransomware in May, constraining the fuel supply across the southeast U.S. and prompting record-high gas prices. Soon thereafter, ransomware took out the world’s largest meat supplier, disrupting food processing and distribution nationwide.

And just last week, New York City officials revealed that its public transit authority had been hacked, marking the third known cyberattack on U.S. transportation infrastructure.

Described by some as a “ransomware epidemic,” these headlines follow dozens of others reporting on attacks that have disrupted hospitals, state governments, and military operations.

Indeed, as the worst criminal actors are often traced back to foreign nations hostile toward the U.S., there are increasing calls for the military to join the fight.

Ransomware on par with terrorism

On Thursday, Reuters exclusively reported that the U.S. Department of Justice has elevated its investigations of ransomware attacks to a level more commonly reserved for terrorism investigations.

According to an internal report, later published in full, the move is designed to enhance and centralize internal tracking at the department so that it can “make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face.”

The types of cases now subject to this reporting requirement include anti-virus countermeasures, black market forums or marketplaces, cryptocurrency exchanges, decentralized hosting services, botnets, and money laundering services.

The report specifically cited the Colonial Pipeline hack as an example of the “growing threat that ransomware and digital extortion pose to the nation.”

White House sounds the alarm

That same day, the White House issued an open letter to U.S. businesses, urging them to prioritize their cybersecurity efforts.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” wrote deputy national security advisor Anne Neuberger.

She called on corporate leadership teams to “immediately convene” to discuss the ransomware threat and their business continuity plans.

“No company is safe from being targeted by ransomware, regardless of size or location,” she wrote. “Companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more quickly.”

Prevention and preparation is the best defense

Our advice on ransomware from five years ago stands true today: take a proactive approach to avoid having to react to a bad situation already in progress.

Investing in ongoing cybersecurity training is important, but it’s not a silver bullet. It should be part of a layered security approach, which also includes technical safeguards, access controls (like password policies), a business continuity plan, off-site backups, VPNs and firewalls, and perhaps most importantly, email security.

Email security—a necessary protective measure

Paubox Email Suite Plus provides needed inbound email security protection and requires no change in behavior to send encrypted, HIPAA compliant email.

With our HITRUST CSF certified solution, all emails are encrypted directly from an existing email platform (such as Microsoft 365 and Google Workspace). No extra logins, passwords, or portals for sender or recipient to read a message.

Paubox Email Suite Plus also comes with ExecProtect, built to block display name spoofing emails from reaching the inbox in the first place.  Our Zero Trust Email feature also requires an additional piece of evidence to authenticate every single email before being delivered to your team’s inboxes.

Spoofing can catch victims off guard, which is why organizations must be proactive with strong security features in place to eliminate future problems.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Ryan Ozawa

Read more by Ryan Ozawa

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022