Government and industry cooperation could be the most powerful ransomware antidote

The criminal industry built around hackers who steal and encrypt organizational data and demand payment for its return has become a global tragedy. Moreover, this is not just a corporate issue: government agencies, schools, and even hospitals have been thrown into disarray by ransomware attacks. In short, this type of cybercrime has many consequences. According to multiple security vendors, it is only going to get worse.

You may think that there isn’t much good news to report on the ongoing disruption caused by ransomware. But amid all the darkness, there was some good news in October. Public and private sector groups from several countries worked together against the Russia-led REvil. An international task force of law enforcement and intelligence cyber specialists hacked REvil’s network, took control of some of its servers, and put them out of business.

According to Tom Kellermann, VMware’s head of cybersecurity strategy and an adviser to the U.S. Secret Service on cybercrime investigations, the collaborators in REvil’s takedown were the FBI, Cyber Command, the Secret Service, and “similar countries.” The White House National Security Council also pointed to the government’s efforts to work with the private sector on ransomware. In the fight between the information security community and ransomware cybercriminals, it seems clear that whoever is better at cooperating with allies will have the upper hand. So far, that distinction has gone to the cybercriminals.

Following his company’s success against BlackMatter, Emsisoft threat analyst Brett Callow told The New York Times, “The reason ransomware operators have escaped many crimes is that until recently there was very little cooperation and communication everywhere.” Ransomware groups are better at working together than the teams trying to stop them; it is generally agreed that they could not otherwise stay in business. The need for further cooperation in fighting ransomware is also raised in a recent report from the Ransomware Task Force of the Institute for Security and Technology. “To mitigate the ransomware tragedy, we need to work together to bring together,” the report said.

But what makes cybercriminal collaboration effective? And what can the information security industry learn from how these groups operate? One thing criminals do well is take care in choosing who to work with. Their “affiliate partners” are carefully scrutinized to ensure they have the necessary skills and loyalty. It can be said that the federal government is following suit. It has assembled what Wired describes as “the most serious constellation of cyber talent”: the various government agencies responsible for cyber protection, such as the Cybersecurity and Infrastructure Security Agency, the National Security Agency, US Cyber Command, and the National Security Council, all gathered within the US government.

Nonetheless, securing the best talent is useful only if it is deployed effectively, and again, that is something ransomware groups have learned. Their ransomware-as-a-service (RaaS) profit-sharing model motivates these actors to constantly find new targets while shifting the hard work to more sophisticated professionals, which helps produce a highly effective division of labor. Meanwhile, the institutions tasked with cyber protection have overlapping responsibilities, but funding is limited and there are still significant gaps in the defensive environment.

Some overlap in law enforcement responsibilities helps prevent criminal activity from slipping through the cracks, but given the limited resources available, it is also essential to make sure that agencies are not needlessly duplicating one another’s duties. In the affiliate structure adopted by ransomware groups, for example, there is a clear division between those who develop attack software and those who deploy it. This effectively gives everyone in the crime ecosystem a role. Similarly, to get the most out of each agency, the infosec community needs a clear role structure.

Ransomware groups are also good at pooling resources. The infosec community can emulate this through the response recommended in the Ransomware Task Force report of the Institute for Security and Technology. It suggests using part of the cyber premium “on behalf of the victim to evaluate and pursue strategies aimed at returning, recovering, or seizing civil assets, in conjunction with law enforcement efforts.” This can be a powerful way to focus industry efforts in a practical direction.

Recent federal initiatives, along with the recent successes against REvil and BlackMatter, suggest that authorities are benefiting from better collaboration. They may have won some of the recent battles, but they need to keep fighting efficiently with all the resources that can be gathered across government and the private sector. For example, setting up a hub where private information security companies and researchers work with a joint government agency task force could help achieve effective collaboration on cybersecurity and cyber resilience. This structure would allow both sides to build trust, leverage their respective strengths, and collaborate against active ransomware campaigns. It is a simple but potentially effective type of collaboration, and it is what defenders need in order to learn from the strengths of cybercriminals and beat them at their own game.
