The National Cyber Investigative Joint Task Force (NCIJTF) was officially established in 2008 and comprises over 30 agencies from law enforcement, the intelligence community and the Department of Defense. Yesterday the NCIJTF released an educational product designed to inform the public of the growing threat of ransomware. The NCIJTF has convened an interagency group of over 15 different government agencies to focus on the prevention of and response to ransomware. The NCIJTF acknowledges that while ransomware groups will attack any industry, it is predominantly concerned with attacks on the networks of critical infrastructure such as police and fire departments, governments, and hospitals. The reason for this prioritization is that attacks on such organizations can endanger lives by delaying first responders from reacting to emergencies and may prevent hospitals from being able to care for patients.
To defend against a ransomware attack and prevent data loss, it’s important to maintain offline, encrypted backups of data and to regularly test them. Backups should be taken at regular intervals to ensure minimal data loss if they are ever needed. Create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for the use of RDP and other remote desktop services by protecting them behind a strong VPN with Multi-Factor Authentication (MFA) and by auditing any unusual login events from IP addresses or devices that differ from what the employee account normally uses. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have a Security Operations Center or a managed security monitoring service with expert security analysts on duty, such as the Binary Defense Security Operations Task Force. The Task Force provides 24/7 monitoring of SIEM and endpoint detection systems to detect and defend against intrusions on an organization’s network.
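As an added example (not part of the NCIJTF product or of Binary Defense's own tooling), the login-audit recommendation above as a simple baseline check: each account's previously seen source IPs and device identifiers form its profile, and logins that fall outside that profile are flagged, with a successful login from both an unseen IP and an unseen device ranked highest. The log records, account names, addresses and field layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, account, source_ip, device_id, result).
BASELINE_EVENTS = [
    ("2021-02-01T08:02:11Z", "jdoe", "203.0.113.10", "LAPTOP-JDOE", "success"),
    ("2021-02-02T08:05:40Z", "jdoe", "203.0.113.10", "LAPTOP-JDOE", "success"),
    ("2021-02-01T09:14:02Z", "asmith", "198.51.100.7", "LAPTOP-ASMITH", "success"),
    ("2021-02-03T09:11:55Z", "asmith", "198.51.100.8", "LAPTOP-ASMITH", "success"),
]
NEW_EVENTS = [
    ("2021-02-04T08:01:09Z", "jdoe", "203.0.113.10", "LAPTOP-JDOE", "success"),
    ("2021-02-04T02:47:30Z", "jdoe", "192.0.2.55", "WIN-7X2QK1", "success"),
    ("2021-02-04T09:20:12Z", "asmith", "198.51.100.9", "LAPTOP-ASMITH", "success"),
    ("2021-02-04T09:21:00Z", "asmith", "192.0.2.55", "LAPTOP-ASMITH", "failure"),
    ("2021-02-04T09:30:00Z", "svc_backup", "192.0.2.55", "WIN-7X2QK1", "success"),
]

def build_baseline(events):
    """Per account, the source IPs and device IDs seen in successful logins."""
    baseline = defaultdict(lambda: {"ips": set(), "devices": set()})
    for _ts, account, ip, device, result in events:
        if result == "success":  # failed attempts must not enrich the profile
            baseline[account]["ips"].add(ip)
            baseline[account]["devices"].add(device)
    return dict(baseline)

def audit_logins(baseline, events):
    """Return (timestamp, account, severity, reasons) for logins that deviate."""
    findings = []
    for ts, account, ip, device, result in events:
        profile = baseline.get(account)
        reasons = []
        if profile is None:
            reasons.append("account has no login history")
        else:
            if ip not in profile["ips"]:
                reasons.append(f"new source IP {ip}")
            if device not in profile["devices"]:
                reasons.append(f"new device {device}")
        if not reasons:
            continue
        # A successful login from both an unseen IP and an unseen device is
        # the case most worth an analyst's immediate attention.
        severity = "high" if result == "success" and len(reasons) >= 2 else "medium"
        findings.append((ts, account, severity, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_logins(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(*finding)
```

In practice the baseline would be rebuilt from a rolling window of SIEM authentication events, and the findings fed to the monitoring team as alerts rather than printed.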