Guidance from the FBI: Their Efforts and Your Role

by Stephanie Goetz | Aug 6, 2021

Guidance from the FBI

After spending some time this week helping our customers with ransomware preparation, I found a statement on the FBI’s website that would be a great tool for Financial Institutions (FIs), and really all businesses, to know about. The statement is the testimony given to the Senate Judiciary Committee just last week. Like every official government statement, it is very lengthy, so I’ll break it down into five key points you should know:

  1. A plan to pay a ransom is damaging to everyone. The FBI’s official stance for businesses is to not pay the ransom. The statement gives several reasons for this, all of which are very straightforward. First, when you pay the ransom, keep in mind that you are dealing with a criminal. A criminal with the ransom already in their wallet has no real incentive to release your data, so payment is no guarantee of recovery. Nor does it guarantee that the sensitive data they have already taken will not be leaked, causing further damage. Finally, paying the ransom further incentivizes the criminals to keep propagating these attacks. Ransomware is not a game-over scenario for institutions.

  2. Use your Incident Response Plan, and if you don’t have one, make one. The FBI notes a stark difference between victims that have an incident response plan and those that don’t. Quick action and a cohesive response are vital to limiting the damage to your business. From an FI perspective, if we take a step back and think about this, we all have incident response and business continuity plans that are updated annually, and we have invested heavily in backups, redundant equipment and insurance, all of which are components of resiliency. Resiliency is the answer to surviving a ransomware attack. Not to mention the preventative controls we already have in place, like employee training, knowledgeable cybersecurity professionals, network monitoring, antivirus, web filtering, etc. As an industry, institutions spend a lot of resources on these programs while viewing them as a compliance exercise, a penalty or a cost. It’s time to start using them as they are intended: as a strategic advantage!

  3. Build a relationship with your local FBI office. The win for businesses here is that you will get information and help faster. The statement lists several opportunities to do so: “If you see us speaking at an event in your area, show up, and talk to us after, we would be thrilled to meet your CEO, chief information security officer, general counsel, or anyone who has a role in keeping your networks secure and incident response. But it cannot stop there. Continue to share information with us after that meeting, and you have my word we will do the same back to you.”

  4. If you are compromised, or even think you are compromised, report it as quickly as you can. Contact the Internet Crime Complaint Center at ic3.gov, your local FBI field office, or the agent with whom you’ve already built a relationship. This is quickly becoming an item on FIs’ checklists and playbooks, because the FBI may have already come across a decryption key, or could quickly get to one based on information and experience from previous attacks. This means they may hold a ‘Get out of jail free card’ of sorts. Even if not, information related to your attack could help them prevent an attack on, or assist, another business in the future.

  5. Keep an eye out for mandatory reporting of ransomware incidents in the future. The statement explains, “Because far too many ransomware incidents go unreported, and because silence benefits ransomware actors the most, we wholeheartedly believe a federal standard is needed to mandate the reporting of certain cyber incidents, including most ransomware incidents. Unlike other types of cybercrimes, the victim will almost always know when a ransomware incident has occurred.” The statement asks for Congress’s support in passing a federal ransomware reporting standard. So, keep an eye out for further action on this.


The full statement is located here: https://www.fbi.gov/news/testimony/america-under-cyber-siege-preventing-and-responding-to-ransomware-attacks

If you need help with your Incident Response Plan, Tabletop Tests, or improving your cyber resiliency, please contact us at support@bedelsecurity.com.


Additional Resources:

5 Key Ransomware Controls
https://www.bedelsecurity.com/blog/5-key-ransomware-controls

CISA's Ransomware Guide Takeaways
https://www.bedelsecurity.com/blog/cisas-ransomware-guide-takeaways 

5 Tips for Building an Effective Incident Response Plan
https://www.bedelsecurity.com/blog/5-tips-for-building-an-effective-incident-response-plan 

5 Tips for Cyber Incident Tabletop Testing
https://www.bedelsecurity.com/blog/5-tips-for-cyber-incident-table-top-testing
