BIG NEWS DOJ, WH & DHS Launches First One-Stop Ransomware Resource StopRansomware.gov
New Website Provides Cybersecurity Resources from Across the Federal Government - for my soul tell me sinkhole C2 - please I need this…
MAJOR CYBER SECURITY ANNOUNCEMENT
New Website Provides Cybersecurity Resources from Across the Federal Government as part of the ongoing response and mitigation, at the Direction of President Biden (see May 12, 2021 Executive Order) —agencies across the U.S. government finally announced new resources and initiatives. Which will serve to protect and prevent American businesses and communities from crippling ransomware attacks.
If you missed this May 12, 2021 article — which walked you through the Biden Administration’s Executive Order and the cyber security plan. Then today’s announcement isn’t a surprise. Because the May 12th EO had very specific timetables. Notwithstanding today’s news is a most welcomed change in actual leadership. Like I said in May I walked you through the Biden Administration’s Improving the Nation’s Cybersecurity
It is refreshing to have a leader who fully acknowledges how vulnerable we as a Nation are, as it relates to the pervasive and persistent cyber attacks from hostile foreign nation states and cyber-criminal gangs, writ large. The previous administration frankly didn’t seem altogether interested nor acknowledge the massive cyber attacks our Nation sustained under the Trump presidency.
Someone I know who worked at the Trump White House gave me permission to use this quote:
“the cyber isn’t for me…why do we care what the hacksters do…it’s not like we don’t do the same shit”
I jokingly asked my friend —erm…what exactly is “the cyber” and did he invoke the 400lb imaginary person because he has a weird fascination with an imaginary 400lb hackster. Yes that’s not a typo that’s how Trump would occasionally call a hacker. Head meet desk and pound.
July 15, 2021 Joint DOJ & DHS Announcement
…U.S. Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS), together with federal partners, have launched a new website to combat the threat of ransomware. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses and other organizations…
The new StopRansomware.gov is a near whole of Government approach, across the federal government. The first ever joint website StopRansomware.gov created to help private and public organizations mitigate ransomware risk.
first ever central hub which consolidated ransomware resources from all federal government agencies
reduces the fragmentation of resources
the integration of federal ransomware resources into a single platform
includes clear guidance on how to report attacks
the latest ransomware-related alerts
threats from all participating agencies
StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) the U.S. Secret Service, the DOJ’s FBI, the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.
In simpler terms - a cursory search of the newly launched StopRandsomeware.gov is truly a central repository for both the Public and Private Sector.
Cyber Hygiene Services
This suite of services includes:
Vulnerability Scanning: Identifies externally-accessible assets and services that are vulnerable to common attacks.
Web Application Scanning: Identifies website weaknesses and poor configurations that attackers may exploit.
Phishing Campaign Assessment: Determines the susceptibility of an organization’s personnel to opening malicious emails (i.e., phishing), which are a leading cause of ransomware.
Remote Penetration Test: Tests perimeter defenses by mimicking the techniques adversaries use to gain unauthorized access to networks
Cyber Security Evaluation Tool (CSET®)
The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. On June 30, CSET was updated to include a new module: Ransomware Readiness Assessment (RRA). The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against and recover from a ransomware incident.
If you think you’re eyes are playing tricks on you - I can assure you that they are not. The Biden Administration has been (albeit originally slow out of the gate) has stepped up and it appears they are taking a far more aggressive and proactive approach. Below are a few previous articles that dissect the various criminal cases:
WYATT TRAVNICHEK - indicted for hacking into a Kansas public water system
PETER YURYEVICH LEVASHOV are you still cooperating? sinkhole servers, C2 servers.
BOLO -House Energy Committee mark ups -June 10th - I’ll highlight the important bills - It’s up to you if you want to know what legislation is currently making its way through the labyrinth of the Legislative Branch. Read if interested
The INSIDER THREAT is also very real and can be equally as destructive as an outside threat - Chief Operating Officer of Network Security Company Charged with Cyberattack on Medical Center - Vikas Singla - Indicted
DHS Fiscal Year 2022 - June 17th Testimony of DHS Secretary ALEJANDRO N. MAYORKAS - For those who are unaware -in June/July various Federal Agencies appear before Congress to fully explain their (new) Fiscal Year Budget Request. I know that this is boring but it’s also very important
Norway; APT31 aka Zirconium (China) is behind the near catastrophic 2018 government hack; Zirconium - Bronze Vinewood -Judgment Panda
Now this particular article was widely overlooked—but it’s not my job to force you to read what I write. If I say something is implying —there’s a really high degree of confidence that it is…plus anytime I use binary means I’m about to get super spicy
This particular article took months to research, occasionally I’d walk away from it to clear my head and then return to researching what I needed to support the presentation of facts. But in all actuality this article was an extraordinarily heavy lift…
Emotet Botnet Disrupted in International Cyber Operation -DOJ RADE and the cyber ecosystem -NOBELIUM - Emotet Malware Infected More than 1.6 Million Victim Computers and Caused Hundreds of Millions of Dollars in Damage Worldwide
also read the article in concert with these two (apologies for the redundancy but if you haven’t figured out by now. My writing and research style has always been a “building of facts” and eventually (given enough time to maturate they dots will end up connecting:
PETER YURYEVICH LEVASHOV are you still cooperating? sinkhole servers, C2 servers.
Ukraine Cyberpolice exposes hacker group for spreading encryption virus… CLOP Gang - Inflicting nearly half a billion dollars in damage to foreign companies
Law enforcement and judicial authorities in Europe, the U.S., and Canada seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims.
After President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks, Brandon Wales, Acting Director if the Cybersecurity and Infrastructure Security Agency (CISA) released a statement about the importance of this step forward after the recent ransomware attacks on the Colonial Pipeline.
The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. The video series currently includes five videos that provide easy to understand cybersecurity concepts which include tips to avoid becoming a victim of a ransomware attack.
CISA LAUNCHES CAMPAIGN TO REDUCE THE RISK OF RANSOMWARE The Cybersecurity and Infrastructure Security Agency (CISA) announces the Reduce the Risk of Ransomware Campaign, a focused, coordinated, and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
CISA AND MS-ISAC RELEASE JOINT RANSOMWARE GUIDE The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident.
A Romanian woman pleaded guilty to federal charges stemming from her role in a conspiracy to illegally access approximately126 computers associated with Metropolitan Police Department (MPD) surveillance cameras, and to use those computers in connection with a scheme to distribute ransomware in January 2017.
Iraninian nationals were charged with committing a sophisticated ransomware attack on the City of Atlanta in violation of the Computer Fraud and Abuse Act.
A Russian national and organization BTC-e were indicted by a grand jury in Northern California for operating an unlicensed money service business, money laundering and related crimes. BTC-e was noted for its role in numerous ransomware and other cyber criminal activity, according to Special Agent in Charge of the USSS Criminal Investigative Division Michael D’Ambrosio.
A criminal complaint and arrest warrants were unsealed charging two Romanian nationals with a conspiracy to illegally access approximately 123 computers associated with Metropolitan Police Department (MPD) surveillance cameras and to use those computers in connection with a scheme to distribute ransomware in January 2017.
So I would highly recommend you read yesterday’s Joint Announcement, start securing your I.T. shit and REvil isn’t completely gone. My educated guess is it was a collective CyberSecurity Operation lead by us, America and our Allies - pretty sure eventually we will hear “sinkhole C2 servers” but meh whadda I know.
Also don’t freak out but I’m taking a few days off. I’m running on fumes and I just need a break because I feel like I’m working two full time jobs —Filey