At the end of February, InfraGardNCR and the American Gas Association (AGA) hosted a ransomware summit with guest speakers from the FBI, Dragos, FireEye, and IBM to look at how we can work together as an industry to learn from attacks and prevent more in the future.
We had over 600 hundred individuals attend this first-of-its-kind summit, and it was a promising sign for our industry to see how engaged this group was.
Ransomware occurs when a piece of malware becomes installed, typically via either e-mail attachment or web click, and it begins to encrypt all data accessible. This can happen locally on the users’ system and also on any connected systems, servers and other technical processes. The perpetrator then seeks a financial ransom for a decryption key. Financial motivation appears to be the greatest impetus for ransomware.
When this trend began, often ransoms were merely hundreds of dollars. Now, ransoms have escalated to thousands and even millions of dollars, generally requested through untraceable bitcoin.
Thieves are changing their tactics. To increase their chances of receiving ransoms, threat actors are starting to target specific processes as outlined by FireEye in a recent presentation. But the industry is growing safer as these attacks have been used to help employees become more educated on how to spot fraudulent or phishing emails.
Ransomware is a serious threat, especially to critical energy infrastructure. It is why cybersecurity is one of the top priorities for AGA and why we will continue to host meetings like this one.
Every system is always getting stronger and more secure because we learn from sharing these experiences and the knowledge we have gained.
Systems that experience cyberattacks are encouraged to report all incidents that may:
-Result in a significant loss of data, system availability, or control of systems;
-Impact a large number of victims;
-Indicate unauthorized access to, or malicious software present on, critical information technology systems;
-Affect critical infrastructure or core government functions;
-Impact national security, economic security, or public health and safety.
In all instances, the sharing of best practices and useful information helps manage this threat and I look forward to the continued cooperation we share with our members, our stakeholders, the federal government and the general public.
Note: report incidents, like those described above, to your local FBI field office (ask for the Private Sector Coordinator to help direct you to the correct cyber squad). Contact information for every field office can be found here: https://www.fbi.gov/contact-us