Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Proposed Bill Would Require Ransomware Victims to Disclose Ransom Amount

Sen. Elizabeth Warren, D-Mass., and Rep. Deborah Ross, D-N.C., introduced a bill last week that would require ransomware attack victims who paid a ransom demand to disclose to the federal government the amount paid to the threat actor. 

The bill, entitled the Ransom Disclosure Act, is designed to gather information on ransomware attacks which she believes will help the Department of Homeland Security formulate a better response to the ransomware threat facing the country. 

"Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals," Warren said in a statement. "My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises -- and help us go after them." 

18241_picture1

Rep. Deborah Ross, D-N.C., and Sen. Elizabeth Warren, D-Mass. 

If passed, the bill would require: 

  • That ransomware victims (excluding individuals) disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom; 
  • DHS to make public the information disclosed during the previous year, excluding identifying information about the entities that paid ransoms; 
  • DHS to establish a website through which individuals can voluntarily report payment of ransoms;  
  • Direct the Secretary of Homeland Security to conduct a study on commonalities among ransomware attacks and the extent to which cryptocurrency facilitated these attacks and provide recommendations for protecting information systems and strengthening cybersecurity. 

Ransomware by the Numbers

Warren cited FBI statistics for 2020 that said the agency received nearly 2,500 ransomware complaints that year, up 20% from 2019, and identified losses of over $29 million. 

Such payments have continued in 2021, with threat actors forcing several major corporations to pay a ransom.  

One of the more prominent attacks took place this summer when the DarkSide cyber gang infiltrated ransomware into Colonial Pipeline's network through an old VPN 

The malware forced the company to shut down its fuel pipelines, pay a $4 million ransom and have the data of 5,800 current and former employees compromised. The FBI was able to recover $2.3 million by tracking the bitcoin payment to a wallet it controlled.  

Trustwave researchers stated in a blog post that there were 304 million attacks worldwide in 2020 alone, a 64% increase from 2019.  

The  official stance is it does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee that an organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity, the FBI said. 

Anne Neuberger, deputy national security adviser for cyber and emerging technology, noted during a conference earlier this year Federal government does not ban victims from paying ransoms. 

Trustwave's Recommendations for Ransomware Preparedness 

Trustwave has a variety of resources available to help in the case of an attack, along with several general proactive recommendations to help stave off an attack.  

Trustwave's Digital Forensics & Incident Response team can help identify the breach, measure its impact, secure evidence, and be your advisor in handling the press, employees, and law enforcement agencies, as well as, provide litigation support.  

To secure a network from ransomware Trustwave recommends: 

  • Antivirus protection provides an essential layer of defense, despite being weaker and more outdated than other methods. Make sure it is updated and always on. 
  • Patching is critical: Your vulnerable systems will be the first to be targeted, if not actively monitored and updated. 
  • Invest in an application audit. Understanding what "normal" looks like for your applications will better alert you to what is deemed suspicious. While application whitelisting may cause reservations for some IT teams, if a company has a handle on what apps are running and required from a business standpoint, it helps security prioritize what is a true threat. Audits increase confidence to ensure there is important context surrounding what is whitelisted and any exceptions. 

Organizations also cannot forget the human factor when it comes to defending against ransomware. 

Ransomware often requires human action to be successful, which makes people the critical part of a ransomware attack. Many ransomware attacks start with phishing emails combined with exploit kits. So, it is critical for organizations of all sizes to educate their employees on cybersecurity hygiene, particularly how to recognize and avoid suspicious links and attachments. Doing so has been shown to help reduce the number of successful attacks. 

One way to bolster an employee’s ability to detect and avoid ransomware, according to Trustwave’s security researchers, is through an on-going security awareness training program that instructs staffers on what to avoid, such as clicking on unknown or suspicious links that appear in emails or attachments. And to report any potential attacks to the Information Security team for support.

Cybersecurity Awareness Month

Trustwave is supporting the 2021 Cybersecurity Awareness Month, which is sponsored by Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Cybersecurity Alliance (NCSA), with a series of blog posts and webinars 

 

 

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo