Last updated at Fri, 29 Dec 2023 16:33:29 GMT

If you follow cybersecurity, you’ve likely seen one of the many articles written recently on the one-year anniversary of the Colonial Pipeline ransomware attack, which saw fuel delivery suspended for six days, disrupting air and road travel across the southeastern states of the US. The Colonial attack was the biggest cyberattack against US critical infrastructure, making it something of a game-changer in the realm of ransomware, so it is absolutely worth noting the passage of time and investigating what’s changed since.

This blog will do just that, but I’ll take a slightly different tack, as I’m also marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations for policymakers wanting to deter, disrupt, prepare for, and respond to ransomware attacks. The report was issued a week prior to the Colonial attack.

Last week, I participated in an excellent event to mark the one-year anniversary of the RTF report. During the event, various ransomware experts discussed how the ransomware landscape has evolved over the past year, how government action has shaped this, and what more needs to be done. The Institute for Security and Technology (IST), which convenes and runs the RTF, has issued a paper capturing the points above. This blog offers my own thoughts on the matter, but it’s not at all exhaustive, and I recommend giving the official paper a read.

High-profile attacks raised the stakes

Looking back over the past year, in many ways, the Colonial attack – along with ransomware attacks on the Irish Health Service Executive (HSE) and JBS, the largest meat processing company in the world, all of which occurred during May 2021 – highlighted the exact concerns outlined in the RTF report. Specifically, the RTF had been convened based on the view that the high level of attacks against healthcare and other critical services through the pandemic made ransomware a matter of national security for those countries that are highly targeted.

In light of this, one of the most fundamental recommendations of the report was that this be acknowledged and met with a senior leadership and cross-governmental response. The Colonial attack resulted in President Biden addressing the issue of ransomware on national television. Subsequently, we have seen a huge cross-governmental focus on ransomware, with measures announced from departments including Homeland Security, Treasury, Justice, and State. We’ve also seen both Congress and the White House working on the issue. And while the US government has been the most vocal in its response, we have seen other governments also focusing on this issue as a priority and working together to amplify the impact of their action.

In June 2021, the Group of Seven (G7) governments of the world’s wealthiest democracies addressed ransomware at its annual summit. The resulting communiqué capturing the group’s commitments includes pledges to work together to address the threat. In October 2021, the White House hosted the governments of 30 nations to discuss ransomware. The event launched the Counter Ransomware Initiative (CRI), committing to collaborate together to find solutions to reduce the ransomware threat. The CRI has identified key themes for further exploration and action, with a similar focus on deterring and disrupting attacks and driving adoption of greater cyber resilience.

Status of the RTF recommendations

This is all heartening to see and strongly aligns with the ethos and recommendations of the RTF. Drilling down into more of the details, there are many further areas of alignment, including the launch of coordinated awareness programs, introduction of sanctions, scrutiny of cryptocurrency regulations, and a focus on incident reporting regulations. RTF provides a great deal more detail on these areas of alignment and the progress that has been made, as well as the areas that need more focus.

This, I believe, is the key point: A great deal of progress has been made, both in terms of building understanding of the problem and in developing alignment and collaboration among stakeholders, yet there is a great deal more work to be done. The partnerships between multiple governments — and between the public and private sectors — are hugely important for improving our odds against the attackers, but progress will not happen overnight. It will take time to see the real impact of the measures already taken, and there are yet measures to be determined, developed, and implemented.

Uncertain times

We must keep our eye on the ball and stay engaged, which is not easy when there are so many other demands on governments’ and business leaders’ limited time and resources. The Russia/Ukraine conflict has undoubtedly been a very time-consuming area of focus, though expectations that offensive cyber operations would be a key element of the Russian action have perhaps helped increase awareness of the need for cyber resilience. The economic downturn is another huge pressure and will almost certainly reduce critical infrastructure providers’ investments in cybersecurity as the cost of business increases in other areas, resulting in budget cuts. While both of these developments may distract governments and business leaders from ransomware, they may also increase ransomware activity as economic deprivation and job scarcity encourage more people to turn to cybercrime to make a living.

According to law enforcement and other government agencies, as well as the cyber insurance sector, the reports of ransomware incidents are slowing down or declining. Due to a long-standing lack of consistent incident reporting, it’s hard to contextualize this, and while we very much hope it points to a reduction in attacks, we can’t say that that’s the case. Security researchers report that activity on the dark web seems to be continuing at pace with 2021, a record year for ransomware attacks. It’s possible that the shift in view from law enforcement could be due to fears that involving them will result in regulatory repercussions; reports to insurers could be down due to the introduction of more stringent requirements for claims.

The point is that it’s too early to tell, which is why we need to maintain a focus on the issue and seek out data points and anecdotal evidence to help us understand the impact of the government action taken so far, so we can continue to explore and adjust our approach. Continued focus, continued collaboration, and more data will help ensure we put as much pressure as possible on ransomware actors and the governments and systems that allow them to flourish. Over time, this is how we will make progress to reduce the ransomware threat.
