The Senate Homeland Security and Governmental Affairs Committee published a new report entitled America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies. The report summarizes the events experienced by three targets of the REvil ransomware gang. The organizations vary in size, sector, and dedicated cybersecurity resources. In addition, the report has background information on Russian cyber aggression, including attacks against Ukraine. Key findings included:
— All organizations, regardless of size and sophistication, are susceptible to ransomware attacks.
— Ransomware gangs often use phishing attacks to gain initial access to victim networks.
— In past ransomware attacks, multifactor authentication, zero trust principles, and network segmentation helped prevent attackers from gaining access to more sensitive data in a victim’s networks.
— Maintaining offline backups and a well-defined incident response plan helped victims resume critical operations quickly without paying a ransom, when attackers did get in.
— The laws and regulations at the time discouraged victims from sharing information with other potential victims that could prevent future ransomware attacks.
— Until recently, there was no Federal agency charged with collecting and tracking reports of cyber incidents to prevent and mitigate future attacks