What the DOJ's involvement in cyberattacks means for the future of ransomware

As businesses transitioned to remote work amid the COVID-19 pandemic, ransomware attacks became a key issue that business leaders were forced to increasingly prioritize. With ransomware attacks ramping up in frequency in the remote environment – most notably, the recent breaches of the Colonial Pipeline and JBS Foods – cybersecurity has become even more of a national security concern, forcing government action from the Department of Justice (DOJ). While the DOJ did not previously play a prominent role in responding to, or assisting with, ransomware attacks of private entities, now that they are threatening critical U.S. infrastructure systems and adversely impacting the economy, the government has been forced to take action.

As the U.S. Government takes a more prominent role in helping private entities prepare for and respond to cyberattacks, and the government is more highly prioritizing cybersecurity measures, business leaders need to also make cybersecurity a top issue within their own organizations and understand how ransomware is going to evolve moving forward. At a fundamental level, they must have an understanding of what’s at stake if business operations are breached. As businesses navigate this new frontier, there are a number of key issues that they should consider, both for implementing their own cybersecurity protections, as well as adjusting expectations for government involvement in cyberattacks moving forward.

Business leaders must take ownership of cyber threats

To begin preparing for cyber threats, it is critical that business leaders first accept the reality that, for many organizations, cyber constitutes the number one risk to businesses at this time. This will likely remain the case over the coming months as business operations are vulnerable in the transition to the next phase of work. Cybersecurity awareness and protections must be implemented at every level of the business, including at the leadership level. Once business leaders understand the critical nature of cyber threats, they should make business decisions with cybersecurity in mind in order to better position the organization to prepare for and handle a potential ransomware attack.

While cyberattacks can’t always be prevented, especially in the increasingly digital business world, there are steps organizations can take to protect employees and sensitive company information, starting first by allocating necessary budget to implement cyber protection programs. Organizations should place strong emphasis on training and awareness campaigns for their entire workforce, employ sufficient endpoint detection and network monitoring tools, limit administrative rights on devices, and generally empower their cyber security function to drive a culture of accountability and security awareness throughout the enterprise.

In addition to preparing their own organizations for cyberattacks, it’s critical that business leaders collaborate with other organizations both within and outside of their industry to prevent attacks. Businesses across all industries are falling victim to cyberattacks, and business leaders can learn from one another and collectively work together to limit digital threats.

Business risks of DOJ’s involvement in cyberattacks

Cyberattacks pose several major risks for businesses, including financial and operational threats. The DOJ’s involvement in a ransomware attack could take many forms, depending on the size of the attack and the available resources. While the DOJ’s involvement may be helpful, the introduction of any external element into a company’s network inherently introduces risk. A far better strategy is to develop a sound cyber security program that would prevent the need for the DOJ to even step in at all.

Additionally, businesses can prepare for the DOJ’s changing role in cybersecurity by investing in legal support in-house that can help to manage a cyberattack or breach within the organization. Legal counsel can also assist with the government’s potential involvement in a situation. By identifying outside legal consultants that are skilled in the cyber domain, business leaders will feel more comfortable and prepared when stepping into the decision-making process in the event of an attack.

Future of ransomware

The DOJ’s involvement with cyberattacks and its emphasis on ransomware is a signal that cyber threats in the U.S. are worsening, and organizations are more vulnerable to cybersecurity issues as attackers gain more confidence. There are a number of ways businesses can expect ransomware to evolve moving forward, including decreased reliance on bitcoin for ransom payment and a movement to more privacy-focused cryptocurrencies like Monero. Additionally, business leaders should prepare for a secondary extortion market where a company might get extorted again after another attacker finds or purchases stolen data from an initial attack – this could result in the new attacker asking for more money to prevent additional disclosures. In order to avoid a secondary attack, business leaders must understand that once data is gone, it’s gone.

An important component of cybersecurity protections is education. Cybersecurity programs do not have to be made overly complicated, and organizations can protect themselves by focusing on the fundamentals – sufficient technical controls, sound policies and procedures, training & awareness, and validation and auditing measures. In addition to informing employees of vulnerable areas, business leaders should implement a system within their organizations to encourage employees to report incidents of phishing. This system of reporting can help to bring awareness to the issue for other employees and give the cyber team a chance to preempt future phishing or ransomware attempts.

The responsibility of the U.S. government to protect against cyberattacks

The DOJ’s involvement in cyberattacks is new, and it appears that the Colonial Pipeline incident was one of the first times the FBI was publicly involved in the cyberattack of a private entity. This is hopefully a harbinger of things to come, as the U.S. government should take a more active role in defending the country from ransomware attacks. That being said, business leaders of small and mid-sized companies should not expect to receive help from the government. The DOJ has limited resources and they will likely be reserved for high-impact attacks and those against critical infrastructure, as with the Colonial Pipeline.

As businesses ramp up their digital transformation efforts, the government should develop a set of minimum guidelines for cybersecurity protections across the U.S. economy. The DOJ will not be able to get involved and assist every company that experiences an attack, but by strongly urging companies to implement basic cyber controls, it would radically reduce the levels of cyberattacks many businesses are experiencing. Additionally, at times the government has the ability to actively disrupt cyberattacks in progress, and even remediate critical vulnerabilities in digital infrastructure, which we saw earlier this year when the FBI conducted a court-authorized action to resolve a vulnerability with Microsoft Exchange. Many businesses are too far behind the curve on cyber preparedness, and this encouragement from the U.S. government would give many businesses the push they need to take action and prepare for cyberattacks.

Businesses need to take extra measures to protect themselves from ransomware attacks moving forward as it’s unlikely that the government will share tactics or technologies with private entities. It’s unclear what resources were used during the Colonial Pipeline situation, but it was likely a capability that’s only available to the government – this is another reason why a higher capable actor would avoid using bitcoin to pay ransoms moving forward as it’s becoming harder to “hide” on the bitcoin public ledger. The government’s lack of involvement shouldn’t deter companies from implementing cyber protections: The bottom-line benefits of implementing programs outweighs the potential financial fallout that would take place if a company were to experience an attack.

The past year has challenged businesses in unprecedented ways. It’s critical that organizations take concrete steps toward ransomware protection to bypass avoidable challenges, including government involvement and the loss of important company data. By recognizing the threat of cyberattacks, understanding the risks associated with them, and identifying the vulnerable areas within the organization, businesses will be best positioned to handle an ever-increasing volume of cybersecurity concerns.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?