Nation’s cybersecurity agency using alerts to prevent the damage of ransomware attacks

WASHINGTON, D.C. — More ransomware attacks are happening nationwide, and every industry is a possible target.

From a payroll hack impacting how you get paid to a hospital attack exposing your medical records, the damage left behind by these attacks can impact almost every aspect of our lives.

“A ransomware group stole confidential patient information which included names, social security numbers, and medical information from a health center,” said Republican Senator Josh Hawley of Missouri during a congressional hearing about ransomware attacks in March.

In some cases, the impact can even be deadly.

“The attack prevented healthcare providers from using equipment that monitor a baby’s condition during delivery and as a result, the infant tragically passed away,” said Senator Gary Peters, (D) Michigan.

But what if you could prevent some of that damage? That’s the goal of new Pre-Ransomware Notifications. It’s run by the U.S. Cybersecurity and Infrastructure Security Agency or CISA for short.

“Not only can we focus on preventing attacks, we can focus on reducing harm once they occur,” said

Eric Goldstein, executive assistant director for cybersecurity at CISA.

Goldstein said some cybersecurity companies will alert CISA when a hacker gains access to a network.

“[Hackers will] use a phishing email that will get them access to one employee’s computer, but the crown jewels of that company might not be on that computer,” he said.

Goldstein explains that hackers will bounce around the compromised system to figure out which records to lock up for a ransom. This process can take hours or even days and that’s the same critical window CISA relies on to step in and help.

“We send our regional personnel on the double to knock on a door and say hey if we take these steps right away, we can get ahead of these bad guys before they cause harm, before they cause damage before the worst-case scenario is realized,” said Goldstein.

So far this year, CISA has notified more than 200 organizations nationwide and 40 internationally.

Now the agency is working to scale up the program. But Goldstein said they need companies to report these attacks whenever they happen.

“There is no shame in being targeted. The most important thing is what you do next, which should be reported to the federal government and take steps to respond, recover, and then harden effectively,” said Goldstein.

The agency says you can find more information on ransomware reporting and additional resources to manage ransomware risk at stopransomware.gov.

Goldstein said CISA is also working with companies in another program to help prepare them before something happens in the first place. He explains this program will identify various vulnerabilities that could open a company up to a possible ransomware attack.

“We’re using our free services to identify these vulnerabilities and then when we see one, then via our nationally aligned teams across the country, we’ll get out there, we’ll knock on a door, we’ll make a phone call,” said Goldstein. “And we’ll say you might not have had an attack yet. But you really need to fix this vulnerability pronto before an attack happens that way, ideally, we’ll reduce the frequency of these attacks over time.”