The Cybersecurity and Infrastructure Security Agency at the U.S. Department of Homeland Security launched a new educational campaign Thursday encouraging governments, schools and private companies to take steps to protect their systems and data from ransomware.
“CISA is committed to working with organization at all levels to protect their networks from the threat of ransomware,” said Brandon Wales, acting Director of CISA in a statement. “This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats. Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”
The agency, which helps protect federal civilian agencies from digital attacks and often acts as the U.S. government’s liaison to the private sector and state and local governments on defensive cybersecurity matters, will start by focusing on organizations that are involved in COVID-19 and K-12 school systems. Both have been relentlessly targeted by criminal and state sponsored hackers over the past year, and schools in particular have been hit with an unprecedented wave of ransomware attacks.
In 2019, CISA began more actively highlighting the threat, first as a potential vector to impact U.S. elections and then more generally as industries, schools, state and local governments and critical infrastructure all reported higher rates of attacks and infections. According to an analysis by Emsisoft released this week, at least 2,354 public sector entities were impacted by ransomware in 2020, including at least 113 federal, state and local agencies, 560 healthcare facilities and 1,681 schools. Many of these organizations are already strapped for cash, financially dependent on uncertain state and federal funding and lack the resources or expertise to go toe to toe with sophisticated ransomware gangs.
Over the past year, CISA has gradually built up a host of resources for technical and non-technical officials who work for impacted sectors. The campaign will involve more proactive outreach by the agency to share those resources and other forms to assistance.
The burgeoning threat of ransomware has vexed law enforcement, policymakers and industry, and other groups have emerged recently to devise new strategies to help under-resourced organizations deal with the problem. In December, the Institute for Security and Technology announced the formation of a new multisector task force to break down industrial silos and develop collective solutions.