Information sharing can help prevent ransomware actors from completing their attacks.
JCDC and pre-ransomware notification.
The US Cybersecurity and Infrastructure Security Agency’s (CISA’s) Joint Cyber Defense Collaborative (JCDC) is cultivating its pre-ransomware notification capability. JCDC states, “With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom.”
Early notification program is already seeing success.
The JCDC is a public-private sector information-sharing organization established by CISA in 2021. JCDC Associate Director Clayton Romans explained in a blog post yesterday that pre-ransomware notifications are possible due to “tips from the cybersecurity research community, infrastructure providers, and cyber threat intelligence companies about potential early-stage ransomware activity.” Romans added that “since the start of 2023, we’ve notified over 60 entities across the energy, healthcare, water/wastewater, education, and other sectors about potential pre-ransomware intrusions, and we’ve confirmed that many of them identified and remediated the intrusion before encryption or exfiltration occurred.”
Avishai Avivi, CISO of cybersecurity firm SafeBreach, offered the following observations:
“The new federal cybersecurity program unveiled today is an important signal that the Biden Administration is pushing forward on implementing the National Cybersecurity Strategy published earlier this month. Specifically, this program addresses the strategic objectives listed under pillar two of the national strategy. With this program, CISA is advancing strategic initiative 2.3 to help ‘Increase the Speed and Scale of Intelligence Sharing and Victim Notification’ and strategic initiative 2.5 to ‘Counter Cybercrime, Defeat Ransomware.’ For the first initiative, CISA provides the victim organizations with early warning and assistance to prevent or recover from ransomware attacks. By doing this, CISA is also addressing the second initiative that removes the malicious actors’ reward structure and disrupts their ability to extort the victim organizations.
“As the CISA program moves to a more proactive phase, i.e. pre-ransomware attack, we feel this type of collaboration will enable organizations to validate their security controls and enhance the resilience of their security program to these types of attacks.”