Ransomware is no longer an emerging trend—it is a widely used tactic that threatens business and government, and the threat actors using it are growing more devious by the day. As our Cyber Threat Intelligence team discusses in the annual 2020 Cyber Threatscape Report, instead of just locking up data until a ransom is paid, threat groups are taking and releasing information publicly. This “name and shame” tactic turns what was already an expensive recovery process into a longer-term issue involving notification requirements and damaging victim enterprises’ credibility and trust—thereby creating new incentives to pay ransoms.

The U.S. federal government has taken notice and recently released an advisory, reminding businesses that they could be subject to enforcement and financial penalties if they have any role in paying a ransom to a sanctioned attacker. The advisory should be a wake-up call. It broadly applies to victims, insurers, digital forensics, incident responders, and financial services firms; it extends to U.S. persons helping foreign companies pay ransoms; and the enforcement can happen even if you don’t know who the attacker is. Government warnings like this are often followed by enforcement actions to make the deterrent effect stick.


Planning for Resilience

First, the advisory reinforces what should be a broadly accepted message: Don’t pay ransom. Paying ransom demonstrates to attackers that victims can be exploited and attacked again. It empowers bad actors and contributes to the growth of the ransomware industry, making victims and the world less safe.

Second, be on the lookout for these attacks. Leverage threat intelligence to understand signatures and industry-specific trends, and monitor for both the prolific and innovative actors and copycats. Remember that the security measures used to prevent ransomware are the same as those needed generally and must evolve in line with the threat. Knowing what evolving threats look like is key to staying out of trouble.

Third, have verified backups. Consider how the cloud can bring you operational resilience and added security.

Fourth, have robust, practiced incident response (IR) plans. If you don’t have them, build them now. If you are building one or giving it a refresh, make sure to involve operations, finance, communications and legal teams. Practice. The plan may go out the window in a crisis, but your trusted communication with your stakeholders will be key to recovery.

  • Work with your legal team to include compliance in the IR plan. How do you use threat intelligence to learn more about attackers and indicators of compromise; how do you evaluate that against lists of sanctioned entities?

Fifth, build relationships with law enforcement. The first time you speak to law enforcement should not be during a crisis. If you have reason to believe or suspect that a threat actor could be a sanctioned entity, that line of communication could be even more important.


The threat landscape is continually changing—and ransomware attacks are rampant and evolving. Our CTI team predicts that threat actor tactics will continue to escalate into 2021, with their profits increasing along with their targets’ weakened security, enabling the threat actors to continue innovating and investing in even more advanced ransomware. Businesses should take this government advisory as a reason to pause, re-assess their security partnerships and plans, and practice their incident response plans.

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Copyright © 2020 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative. Given the inherent nature of this document, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this article.

Ryan LaSalle

MANAGING DIRECTOR – ACCENTURE SECURITY
