At a glance.
- Perspective on ransomware.
- Ransomware disclosure deadlines.
Perspective on ransomware.
As the US prepares to organize multinational discussions of ransomware and what to do about it, US officials say they’ve seen no diminution of ransomware. General Nakasone, Director, NSA, said at Mandiant’s summit yesterday that ransomware is a national security issue, and that he expects it to remain such for the foreseeable future. TheHill quotes General Nakasone as saying that he expects the US to come under ransomware attack “every single day.”
Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said, Nextgov reports, that the thirty-nation meeting the US intends to convene will focus on ways of improving resilience, on increasing visibility through anti-money laundering efforts in particular, on holding nation-states accountable for harboring cyber criminals, and on helping to build capabilities in other countries.
Nuspire emailed us a preview of their Q2 Threat Report, which gives some of the context the private sector is observing with respect to ransomware:
“Q2 2021 contained one of the most notable ransomware attacks in recent history when Colonial Pipeline was attacked by the DarkSide ransomware gang. In the aftermath of the attack, the threat actors decided to shut the group down due to pressure from governmental authorities. In early Q3, REvil, another notorious gang, also appears to have shut down with no explanation. We know a new group called BlackMatter has emerged from the ashes. Threat intelligence reveals that BlackMatter is actively seeking access to organizations in the U.S., Canada, Australia and the UK by offering payment to initial access brokers to gain access to networks and begin launching campaigns.
“Nuspire witnessed a 55,239% increase in ransomware activity during the second and third weeks of Q2. This places the activity just prior to the ransomware attack on Colonial Pipeline by the now defunct DarkSide ransomware gang and potentially links this activity to DarkSide. This spike in activity trailed off and remained relatively low until the end of Q3. Ransomware continues to be a plague on organizations and with the arrival of the BlackMatter ransomware gang, activity will likely increase to the end of the year.”
Ransomware disclosure deadlines.
US Senator Elizabeth Warren (Democrat of Massachusetts) and Representative Deborah Ross Democrat, North Carolina 2nd District) have introduced a “Ransom Disclosure Act” that would require victims to report a ransomware incident within forty-eight hours.
Tim Erlin, VP of Strategy at Tripwire, offered some measured animadversions:
“If the objective is to gather as much accurate information as possible about ransomware payments, then this legislation needs to ensure that victims aren’t worried about legal repercussions when reporting payments. As it stands, this bill would put victims in a tough spot, afraid to report a payment and afraid not to.
“Information sharing is a key factor in fighting ransomware, but a government custodian of that information isn’t the right solution. An independent entity should collect ransomware incident information, including payments, and provide anonymized, aggregate information back to the government. Victims need to be confident that their complete reporting won’t result in additional consequences.”