A joint-sealed ransomware factsheet outlining widespread attack tactics and means of protection and mitigation was issued by the National Cyber Investigation Joint Task Force (NCIJTF) on Friday.
The factsheet was developed by an inter-agency committee of ransomware experts representing more than 15 government departments and is designed to help raise awareness of the threat to critical infrastructure posed by ransomware.
The two-page paper outlines that, in addition to encrypting the data on victim computers to make it unusable, ransomware operators may compel victims to pay the ransom by threatening either to delete the information or to release it to the public.
Ransomware attacks affect all industries, including state, provincial, tribal, and territorial governments, and also threaten hospitals, police, fire services, towns, and other vital infrastructure.
Popular vectors of ransomware infection, the paper says, include email phishing campaigns (in which victims receive messages with malicious attachments or ransomware links), misconfigurations of the Remote Desktop Protocol (RDP), and vulnerabilities in software.
Ransomware has also had a significant effect on the public sector, but it is always impossible to quantify the overall costs associated with a ransomware infection, as they include not just the ransom paid, but also recovery and potentially extra costs.
While one U.S. county ended up paying Ryuk operators $132,000 to recover encrypted systems, another spent $1 million on new equipment to restore its systems instead of paying a $1.2 million ransom.
One U.S. city that declined to pay RobbinHood ransomware operators the 13 Bitcoin (about $76,000) ransom, however, ended up paying more than $9 million to repair networks and services.
Ensuring that applications are both updated and patched, using multi-factor authentication, and maintaining backups of files, device images, and settings can help reduce ransomware-related risks.
The FBI says that victims of ransomware need not pay the ransom, as this does not guarantee the retrieval of information and only allows cyber criminals to threaten more people and organizations. Victims are urged to report attacks so that ransomware operators can be better monitored.