The Polish government sent a delegation to a meeting on October 13-14, organised by the US National Security Council on the Counter-Ransomware Initiative. The meeting emphasised the need for close cooperation between states and between various areas of administration (law enforcement, judiciary, public finances) as well as with the private sector, especially in the light of the recent increase of far-reaching ransomware attacks, such as the ones against the world’s largest meat producer JBS and the Colonial Pipeline in Eastern USA.
The participants also stressed the importance of accelerating information exchange, especially at an operational level, for efficient countermeasures against ransomware attacks.
Poland took an active part in the discussion at the political and expert level by submitting specific proposals to build resistance against this phenomenon. The results of the meeting and prospects of further actions are included in the statement of the ministers and representatives from the Counter-Ransomware Initiative.
In the statement, the participants underlined the risks ransomware attacks pose to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity.
The statement also emphasises that, as with other cyber threats, the threats of ransomware attacks are complex and global in nature and require a shared response. A nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public.
According to the experts participating in the meeting, network resilience is key to disrupting the plans of ransomware criminals. Such resilience can be achieved by maintaining offline data backups, use of strong passwords and multi-factor authentication, ensuring software patches are up to date, and educating against clicking suspicious links or opening untrusted documents.
Another important measure is the tactic of placing emphasis on countering illicit finance, as ransomware attacks are primarily profit-seeking endeavors, commonly leveraging money laundering networks to move ransomware proceeds. Tools that can be used make it harder to launder the money include customer due diligence, suspicious activity reporting, and transaction monitoring.
Finally, the statement stresses the role of diplomacy in disrupting the ransomware ecosystem, by promoting rules-based behaviour and encouraging states to take reasonable steps to address ransomware operations emanating from within their territory.
An example of the threat posed to critical infrastructure by ransomware attacks came on May 7th this year when an attack was executed against the Colonial Pipeline, the American oil pipeline system.
The pipeline which originates in Houston and carries fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerised equipment managing the pipeline.
The Colonial Pipeline supplies around 45 percent of all fuel consumed on the East Coast of the United States.