  • The U.S. Senate wants to enable the DHS to form expert IT teams that will help organizations with ransomware.
  • The teams will provide technical support, advice, incident response, and data retrieval services.
  • Security analysts are happy with this first step but call for more action in the same direction.

Ransomware actors in the U.S. have run rampant this year, and the trend is only going upwards. Simply put, attacking public entities such as schools, local agencies, government offices, and hospitals works like a charm for malicious actors. Public agencies will promptly pay the ransom because they can’t afford to remain offline for long, and they are generally easy targets because they usually don’t have any serious protection measures in place. The problem has gotten out of hand, and it costs millions in taxpayer money. The FBI has repeatedly shown its inability to track down the actors, and so the only solution is to get organized against it.

The U.S. Senate proposed a new law called the “DHS Cyber Hunt and Incident Response Teams Act”. The proposal authorizes the Department of Homeland Security (DHS) to form and dispatch expert incident response teams that would help targeted organizations deal with ransomware attacks. These teams will deploy whatever available tools exist to help retrieve the lost data, unlock encrypted files, and restore backups. Paying ransoms and negotiating with the actors is entirely out of the question.

These incident response teams, however, will help not only with getting the systems up and running again but also with making them more robust and harder to infect with malware in the future. When there are no incidents to respond to, the teams will visit public and private entities (upon request), perform a proactive risk analysis, and implement mitigation measures. A key strategy against ransomware attacks is to take regular backups and store them on offline media. The teams could help the entities incorporate this practice into their regular procedures, and also provide technical support on how to automate the process.

While this new legislation is a solid first step in the right direction, security analysts point out that this is just the beginning. They believe there’s a need for a centralized security operations center, which has to be set up soon in the country. Without a unified approach to security that is financially supported by the government, any advice or incident response won’t have a profound and long-term effect in the effort to stop ransomware attacks. Still, this is a legislative proposal that deserves our applause, and one that will create a safety net for the organizations that are hit by ransomware.
