The recent ransomware attack on Colonial Pipeline was an all too familiar story to businesses across the United States.
The pipeline, which supplies fuel to some 50 million people from the Gulf Coast up through the entire East Coast, was closed last Friday as a precautionary measure after a ransomware attack. The company and the U.S. government continue to investigate the extent of the impact.
Over the past few months, ransomware attacks have not only hit businesses of all sizes, but also hospitals in New York, Nebraska, Oregon, and Michigan, among multiple other states. Police and sheriffs’ offices, schools, and local governments, from Atlanta to Baltimore to Fisher County, Texas, have suffered a similar fate.
A recent report from the Ransomware Task Force, a group of 60 cybersecurity experts from industry and government, sheds light on both the alarming increase in the frequency of these attacks and the ransom size they demanded.
In 2020, it estimates $350 million in ransom was paid to attackers – a more than 300 percent increase over the previous year – with an average payment of over $300,000.
According to a 2021 report, the greatest number of victims in 2020 by industry were in manufacturing, professional and legal services, and construction. Healthcare, manufacturing, and education businesses experienced significant increases. Attacks against industry sectors, including aerospace, also appear to be on the rise.
Often, organizations hit by ransomware face a very difficult choice: either pay a ransom and fuel a criminal market or refuse to pay and hope their computer systems can be restored.
If businesses decide to pay the ransom to quickly resume operations, the price can put their business on the brink of bankruptcy. Moreover, there is no guarantee their systems will be restored.
In short, organizations in every sector and of every size need to take this threat seriously and take steps today to protect themselves. By the time you’re dealing with an attack, it’s too late for proactive measures.
Businesses may also lose access to their proprietary information, including intellectual property and client and employee data, in addition to suffering reputational costs.
Protecting the American people and companies against ransomware must be one of our top priorities as a nation. We can no longer look the other way and we cannot treat ransomware as simply a nuisance. This latest attack should serve as a clarion call for organizations across the country to shore up their cyber defenses and get ahead of future threats.
Ransomware – like most cyber-attacks – exploits the weakest link. Small businesses are particularly vulnerable because many of them are financially fragile and do not have the necessary resources to install cybersecurity software, ensure constant technology monitoring, provide employee training, and hire full-time information technology experts.
It’s no surprise that small businesses comprise half to three-quarters of all ransomware victims. And when these businesses do become targets, it can have devastating and permanent impacts, forcing some to close their doors permanently.
In short, organizations in every sector and of every size need to take this threat seriously and take steps today to protect themselves. By the time you’re dealing with an attack, it’s too late for proactive measures.
The good news is that you don’t have to do it alone and there are affordable solutions for every budget. That is why the Departments of Homeland Security and Commerce are working together to help businesses both prevent and respond to ransomware attacks.
A few simple but critical steps can go a long way to protect against this category of malicious cyber activity, and our two departments are committed to working together with businesses and their CEOs.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is well-positioned to help organizations take preventive measures to increase resilience before an attack occurs.
CISA recently launched its “Reduce the Risk of Ransomware Campaign” with free, public guidance and resources to help organizations prepare for these attacks and evaluate the strength of their company’s cyber posture.
Practical guidance
CISA’s website also points to the practical guidance offered by Department of Commerce’s National Institute of Standards and Technology (NIST), leveraging its deep economic and technical expertise. The National Cyber Investigative Joint Task Force has also provided a guide on how to respond after a ransomware attack has occurred.
Increasing basic cybersecurity hygiene to prevent ransomware is important, but it’s only part of the solution. The Biden-Harris Administration is coordinating a whole-of-government strategy to increase resilience, disrupt, and investigate ransomware networks, and hold perpetrators accountable.
However, the federal government cannot combat ransomware alone. Prevention, disruption, and prosecution require collaboration across every level of government and the private sector – both domestically and internationally.
Our Departments will continue to advocate for a comprehensive approach to tackling ransomware to keep our communities safe. The demands of meeting pernicious ransomware attacks require nothing less.
In the coming weeks, we will increase our Departments’ respective collaboration with the private sector and explore new initiatives designed to support businesses, healthcare systems, and local governments. These public-private partnerships will continue to protect our businesses, our economy, and our national security.
Alejandro N. Mayorkas is the U.S. Secretary of Homeland Security and Gina M. Raimondo is the U.S. Secretary of Commerce.