Fraud Management & Cybercrime , Government , Industry Specific
Global Governments Release New Ransomware Response Guidance
Counter Ransomware Group Focuses on Timely Reporting, Avoiding Paying the RansomNew voluntary ransomware guidance released during the International Counter Ransomware Initiative meeting this week calls for victims to report attacks to law enforcement on a more timely basis - and involve more advisers in deciding whether to pay a ransom.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Top cybersecurity experts from nearly 70 nations are attending the fourth International Counter Ransomware Initiative meeting at the White House this week. The annual week-long event, launched in 2021, hopes to address recent high-profile attacks and lead to new strategies for ransomware mitigation (see: White House Pledges Major Deliverables at Ransomware Summit).
The United Kingdom and Singapore governments, which are leading talks on ransomware resilience, on Wednesday released a voluntary guidance document designed to help victims to respond to ransomware attacks and minimize the impact.
Under the proposal, victims are encouraged to report attacks and any ransom demands or payments to law enforcement agencies, cyber insurance carriers and other outside firms that can help. Victims are discouraged from paying ransoms, but the decision to pay the ransom should be made only after making sure it "is likely to change the outcome" of the incident and complies with local regulatory requirements.
"External experts such as insurers, national technical authorities, law enforcement or cyber incident response companies familiar with ransomware incidents can improve the quality of decision-making," according to the new guidance. Officials also pointed out that paying the ransom does "not guarantee access to your devices or data."
Ransomware victims are also encouraged to record incident response, decisions made related to ransomware mitigation and data captured for post-incident reviews. They should also know the regulatory penalties that can result from a data breach.
"Overall, the advice feels complete and aligned," said Casey Ellis, founder and chief strategy officer at Bugcrowd. "The only change I would consider would be to move the 'record your decision-making' to the top of the list. Dealing with these types of incidents can very easily and quickly create a fog-of-war effect inside a ransomed organization."
During the event, the participants tackled several initiatives including the completion of a project on secure software and labeling principles by the U.K. and U.S. governments. Other announcements included the launch of a member portal by Australia for information sharing and a new U.S. government fund to strengthen members' cybersecurity capabilities.
The updated guidance came a day after a joint action by the U.S., U.K. and European governments announced arrests, indictments, sanctions and server takedowns targeting the Russian cybercriminal underground (see: LockBit and Evil Corp Targeted in Anti-Ransomware Crackdown).
The U.K. NCSC and the White House did not immediately respond to requests for comments from Information Security Media Group.