By Mark Lanterman
Ransomware continues to have a far-reaching impact. In December, possible victims from 17 Minnesota counties were contacted to alert them to the fact that their personal information may have been compromised in October 2023.1 Clay County said in its statement that a wide variety of information had been accessed without authorization—from Social Security numbers and birth dates to tribal identification numbers and medical information.2 While it’s been made clear that a ransomware attack was to blame for the breach, specific details about the event are not available as this is being written (including how the attack was initiated and whether any ransom was paid). It is reported that some of the potential victims may have been receiving social services through the counties.
Headlines like this, if not common, are increasingly unsurprising. The 2022 Internet Crime Report (released in March 2023) specified that while the total number of ransomware attacks decreased in 2022, 2,385 complaints had been received “with adjusted losses of more than $34.3 million.”3 Additionally, a private industry notification submitted by the Federal Bureau of Investigation Cyber Division this past September described a new trend of more aggressive ransomware attacks in which dual attacks were occurring in close proximity. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies… This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments.”4 The warning notes that this combination could be especially damaging to those targeted.
In a report to Congress in October 2023, the Federal Trade Commission put forth several recommendations to aid the national effort to thwart ransomware as well as cyberthreats more generally. In addition to data regulation, legislation, and heightened support for encouraging businesses and organizations to strengthen their own security postures, the FTC requested that Congress “amend Section 13(b) of the FTC Act to restore the FTC’s ability to provide refunds to harmed consumers and prevent violators from keeping the money they earned by breaking the law.”5 Ransomware attacks continue to be a key threat requiring mitigatory relief for consumers. This is complicated by the fact that responding to this type of attack can be particularly tricky, as payments made to cybercriminals are strongly discouraged (and may even result in an Office of Foreign Assets Control, or OFAC, violation).6
While overarching national improvements to the management of ransomware may be pivotal in the long run, present-day consumers are often left with little direction once they find that their information has been compromised. Monitoring credit reports and being vigilant in spotting any fraudulent activity is important; in the case of the recent breaches in Minnesota, monitoring health insurance documentation may also be necessary. But proactive measures may further help mitigate risk. Implementing credit freezes can be helpful, in addition to conducting a personal audit of how accounts are being protected. Organizations are encouraged to prepare for possible ransomware attacks by means such as implementing a strong backup policy, monitoring network access, and regularly reviewing third-party vendor agreements. Staying apprised of recent advisories is also recommended, and so is making adjustments to education and training practices based on current threats.
Mark Lanterman is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.
Notes
1 https://kstp.com/kstp-news/local-news/officials-notify-possible-victims-of-cyberattack-impacting-17-minnesota-counties/
2 https://kstp.com/kstp-news/local-news/officials-notify-possible-victims-of-cyberattack-impacting-17-minnesota-counties/
3 https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
4 https://www.ic3.gov/Media/News/2023/230928.pdf
5 https://www.ftc.gov/system/files/ftc_gov/pdf/ftc_ransomware_report_oct_2023.pdf
6 https://ofac.treasury.gov/media/912981/download?inline