BIG NEWS DOJ, WH & DHS Launches First One-Stop Ransomware Resource StopRansomware.gov

New Website Provides Cybersecurity Resources from Across the Federal Government - for my soul tell me sinkhole C2 - please I need this…


MAJOR CYBER SECURITY ANNOUNCEMENT

New Website Provides Cybersecurity Resources from Across the Federal Government as part of the ongoing response and mitigation, at the Direction of President Biden (see May 12, 2021 Executive Order) —agencies across the U.S. government finally announced new resources and initiatives. Which will serve to protect and prevent American businesses and communities from crippling ransomware attacks. 

If you missed this May 12, 2021 article — which walked you through the Biden Administration’s Executive Order and the cyber security plan. Then today’s announcement isn’t a surprise. Because the May 12th EO had very specific timetables. Notwithstanding today’s news is a most welcomed change in actual leadership. Like I said in May I walked you through the Biden Administration’s Improving the Nation’s Cybersecurity

It is refreshing to have a leader who fully acknowledges how vulnerable we as a Nation are, as it relates to the pervasive and persistent cyber attacks from hostile foreign nation states and cyber-criminal gangs, writ large. The previous administration frankly didn’t seem altogether interested nor acknowledge the massive cyber attacks our Nation sustained under the Trump presidency.

Someone I know who worked at the Trump White House gave me permission to use this quote:

the cyber isn’t for me…why do we care what the hacksters do…it’s not like we don’t do the same shit

I jokingly asked my friend —erm…what exactly is “the cyber” and did he invoke the 400lb imaginary person because he has a weird fascination with an imaginary 400lb hackster. Yes that’s not a typo that’s how Trump would occasionally call a hacker. Head meet desk and pound.

July 15, 2021 Joint DOJ & DHS Announcement

The Joint Announcement - which largely flew under the radar. Notwithstanding this is the long awaited one-stop-shop the DOJ and DHS formally announced the launch of StopRansomware.gov

…U.S. Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS), together with federal partners, have launched a new website to combat the threat of ransomware. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses and other organizations

The new StopRansomware.gov is a near whole of Government approach, across the federal government. The first ever joint website StopRansomware.gov created to help private and public organizations mitigate ransomware risk.


StopRansomware.gov

  • first ever central hub which consolidated ransomware resources from all federal government agencies

  • reduces the fragmentation of resources

  • the integration of federal ransomware resources into a single platform

    • includes clear guidance on how to report attacks

    • the latest ransomware-related alerts 

    • threats from all participating agencies


StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) the U.S. Secret Service, the DOJ’s FBI, the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

In simpler terms - a cursory search of the newly launched StopRandsomeware.gov is truly a central repository for both the Public and Private Sector.

Cyber Hygiene Services

Free CISA scanning and testing services to help organizations assess, identify, and reduce their exposure to threats, including ransomware. Email us at vulnerability_info@cisa.dhs.gov to get started.

This suite of services includes:

  • Vulnerability Scanning: Identifies externally-accessible assets and services that are vulnerable to common attacks.

  • Web Application Scanning: Identifies website weaknesses and poor configurations that attackers may exploit.

  • Phishing Campaign Assessment: Determines the susceptibility of an organization’s personnel to opening malicious emails (i.e., phishing), which are a leading cause of ransomware.

  • Remote Penetration Test: Tests perimeter defenses by mimicking the techniques adversaries use to gain unauthorized access to networks

Cyber Security Evaluation Tool (CSET®)

The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. On June 30, CSET was updated to include a new module: Ransomware Readiness Assessment (RRA). The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against  and recover from a ransomware incident.

If you think you’re eyes are playing tricks on you - I can assure you that they are not. The Biden Administration has been (albeit originally slow out of the gate) has stepped up and it appears they are taking a far more aggressive and proactive approach. Below are a few previous articles that dissect the various criminal cases:

Now this particular article was widely overlooked—but it’s not my job to force you to read what I write. If I say something is implying —there’s a really high degree of confidence that it is…plus anytime I use binary means I’m about to get super spicy

This particular article took months to research, occasionally I’d walk away from it to clear my head and then return to researching what I needed to support the presentation of facts. But in all actuality this article was an extraordinarily heavy lift…

also read the article in concert with these two (apologies for the redundancy but if you haven’t figured out by now. My writing and research style has always been a “building of facts” and eventually (given enough time to maturate they dots will end up connecting:

StopRansomeware.gov NEWSROOM

COORDINATED ACTION CUTS OFF ACCESS TO VPN SERVICE USED BY RANSOMWARE GROUPS

  • Law enforcement and judicial authorities in Europe, the U.S., and Canada seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. 

STATEMENT FROM CISA ACTING DIRECTOR WALES ON EXECUTIVE ORDER TO IMPROVE THE NATION’S CYBERSECURITY AND PROTECT FEDERAL NETWORKS

  • After President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks, Brandon Wales, Acting Director if the Cybersecurity and Infrastructure Security Agency (CISA) released a statement about the importance of this step forward after the recent ransomware attacks on the Colonial Pipeline.

CISA AND CYBER.ORG PARTNER TO DELIVER CYBER SAFETY VIDEO SERIES

  • The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. The video series currently includes five videos that provide easy to understand cybersecurity concepts which include tips to avoid becoming a victim of a ransomware attack.

So I would highly recommend you read yesterday’s Joint Announcement, start securing your I.T. shit and REvil isn’t completely gone. My educated guess is it was a collective CyberSecurity Operation lead by us, America and our Allies - pretty sure eventually we will hear “sinkhole C2 servers” but meh whadda I know.

Also don’t freak out but I’m taking a few days off. I’m running on fumes and I just need a break because I feel like I’m working two full time jobs —Filey