In response to ransomware’s devastating effects on businesses large and small around the globe, President Biden convened a special committee of public- and private-sector security professionals. The result was an extensive list of recommendations for both government and private industry. Below are the four key recommendations made in the panel’s report and our approach to delivering proven solutions to address them.
1: Deter Ransomware Attacks
Go smaller. Booz Allen works to decrease our clients’ ransomware attack surface. Below are five simple but proven steps. Let’s talk implementation:
- Endpoint Monitoring – Establish an alert protocol for when suspicious activity is detected. Of course, acting on those alerts is critical, whether internally or with an incident response partner that also provides detection and response capabilities.
- Email Scanning – While brute-force attacks do occur, delivering malicious code via email remains one of the two most common attack methods. An inline email scanning solution is effective at identifying malicious attachments.
- Multifactor Authentication – When credentials are stolen or otherwise compromised, multifactor authentication is your best defense against unauthorized access and internal privilege escalation.
- Patching Program – In addition to using malicious email, ransomware attackers often scan networks for published critical vulnerabilities. Developing and implementing a comprehensive patching program is essential.
- Data Backups – One of the first objectives of any ransomware attacker after gaining access to your network is to locate and encrypt your data backups. Keeping backups of your critical systems in multiple locations ensures that you can restore without needing the attacker’s decryption tool.
2: Disrupt the Ransomware Business Model
Government certainly has a role here. Action items we anticipate government taking include increased regulation in the cryptocurrency space, expansion of the sanctioned-entity list, increased scrutiny and more resources for law enforcement, and diplomatic and economic pressure on the nations that host ransomware operators.
What can you do to disrupt the ransomware business model? The solutions recommended above are a good start. Beyond that, we recommend making a corporate commitment to network security that is commensurate with the threat. Attackers never stop developing their tactics, techniques, and procedures (TTPs), which makes network security and resiliency a living commitment. Booz Allen is in the fight against nation-state and criminal attackers in both the public and private sectors. We are familiar with their TTPs and are positioned to provide our clients with an over-the-horizon view of emerging threats and the solutions to mitigate them.
Besides the recommendations already discussed, other solutions include developing a comprehensive insider-threat program, a vendor risk management program (the SolarWinds compromise being the obvious case in point), a comprehensive penetration testing program, a comprehensive threat-hunting program, an annual network assessment, and an annual training program for senior crisis managers to test and review internal response strategies.
Why Booz Allen Threat Hunting?
- Technology agnostic – We apply our hypothesis-based hunt analytics to the client’s endpoint detection and response data.
- Immediate value – On day one, we deploy our hunt analytics library of 450+ analytic signatures, rules, and queries, aligned to the MITRE ATT&CK® knowledge base.
- Proven approach and experience – Booz Allen’s processes, methods, and technologies have been tested, refined, and proven at Fortune 500 companies and across the U.S. government during the most significant attacks in U.S. history.