This month the Federal Trade Commission (FTC) held its latest Fall Technology Series workshop on the increasingly prevalent threat of ransomware. The workshop was kicked off by FTC Chairwoman Edith Ramirez, who provided insight into the organization’s increasing actions to enforce data security and consumer privacy, along with their new focus on ransomware. The FTC’s efforts represent the latest example of a growing recognition across the U.S. government of the significance of the ransomware threat. We applaud the Commission for fostering a dialogue that brings transparency into the FTC’s logic and priorities in this area, as well as for their role in generating awareness on ways to mitigate and prevent ransomware.
In July, the U.S. government issued an interagency report offering technical guidance to critical infrastructure entities, especially small and medium-sized businesses, about how to deal with ransomware attacks. A number of federal departments have also issued sector-specific guidance on ransomware, such as the Department of Health and Human Services (HHS).
While ransomware may be on the rise, the good news is there are best practices that organizations can adopt to prevent these attacks. Our Unit 42 threat intelligence team released a report this May on the history and future of ransomware as a criminal business model and techniques to prevent these attacks. We have also provided recommendations on steps that various sectors—from government to healthcare to financial services—can take to protect their networks from ransomware.
As a founding member of the Cyber Threat Alliance (CTA), Palo Alto Networks has partnered with other security companies to expose and dismantle lucrative ransomware campaigns. In 2015, the CTA released a report on a $300 million ransomware campaign called CryptoWall v3, coordinating closely to share threat indicators with U.S. and international government and law enforcement stakeholders and enable those entities to deploy preventive countermeasures to their networks. Government partners subsequently shared additional CryptoWall v3 campaign infrastructure information with Palo Alto Networks and the CTA, establishing a strong model for the type of two-way sharing of threat information needed to combat and prevent persistent threats, like ransomware, for the benefit of the broader cybersecurity ecosystem.
Ransomware, like other increasingly destructive tactics that target hardware and industrial control systems, reinforces why a proactive, prevention-oriented defense is so critical to addressing the modern cyberthreat environment. A detection and response-focused strategy alone is no longer acceptable. Only by implementing a prevention-focused approach can organizations protect networks from the latest evolving threat.