September 23, 2023

WASHINGTON – The Biden administration is urging corporate executives and business leaders to take immediate steps to prepare for ransomware attacks, warning in a new memo that cybercriminals are moving from data theft to disrupting core operations.

“The threats are serious and growing,” wrote Anne Neuberger, President Joe Biden’s assistant national security adviser on cyber and emerging technologies, in a June 2 memo received by CNBC from the White House.

“The private sector also has a crucial responsibility to protect against these threats. All companies need to realize that no company is safe from ransomware attacks, regardless of size or location,” wrote Neuberger.

“To understand your risk, executives should immediately convene their leadership teams to discuss the ransomware threat and review the company’s security and business continuity plans to ensure you can continue operations or quickly recover,” she added.

The White House memo lists the following five best practices for protecting against ransomware attacks.

  • Back up your data, system images and configurations, test them regularly and keep the backups offline: Make sure that backups are tested regularly and that they are not connected to the corporate network, as many flavors of ransomware attempt to find accessible backups and encrypt or delete them. Keeping recent backups offline is critical because, if your network data is encrypted by ransomware, your business can still restore its systems.
  • Update and patch systems immediately: This includes maintaining the security of operating systems, applications and firmware in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
  • Test your incident response plan: Nothing shows the gaps in plans more than testing them. Go through a few key questions and use them to create an incident response plan: Are you able to keep your business running without access to certain systems? For how long? Would you shut down your manufacturing operations if business systems like billing were offline?
  • Review the work of your security team: Use a third-party pen tester to test the security of your systems and your resilience to sophisticated attacks. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of an unlocked door.
  • Segment your networks: Ransomware attacks have recently shifted from stealing data to disrupting operations. It is critical that your business functions and manufacturing/production processes are segregated and that you carefully filter and limit Internet access to operational networks, identify connections between those networks, and develop workarounds or manual controls to ensure that ICS networks are isolated and can continue to function if your corporate network is compromised. Regularly test contingency plans such as manual controls so that security-critical functions can be maintained during a cyber incident.

The memo follows a series of ransomware attacks that have hampered logistics and services and, in some cases, sent ripples across the US economy.

Ransomware attacks involve malware that encrypts files on a device or network, causing the system to become inoperable. Criminals behind such cyberattacks usually demand a ransom in exchange for the release of data.

On Wednesday, the Steamship Authority of Massachusetts announced that its ferry service was hit by a ransomware attack that affected daily fares from Cape Cod to the neighboring islands of Nantucket and Martha’s Vineyard.

The attack comes as summer tourists begin to flock to the iconic Massachusetts vacation spots.

The Steamship Authority said in a statement to CNBC that it is working with federal, state and local authorities to determine the extent and origin of the ransomware attack.

Earlier this week, a cyberattack on Brazil’s JBS, the world’s largest meat packer, disrupted meat production in North America and Australia and sparked concerns about rising meat prices.

On Tuesday, the company said it had made “significant strides in resolving the cyberattack” and that the “vast majority” of beef, pork, poultry and ready-to-eat food operations would be back in operation by Wednesday, according to a statement.

The White House announced on Tuesday that the ransomware attack on JBS was believed to have originated from a criminal organization based in Russia.

Last month, a cybercriminal group called DarkSide launched a widespread ransomware attack on Colonial Pipeline.

The cyberattack forced the company to shut down an American fuel pipeline approximately 5,500 miles long, causing fuel disruption on the East Coast and gasoline shortages in the Southeast.

Colonial Pipeline paid the ransom to the hackers, a source familiar with the situation confirmed to CNBC.