Federal cyber agency announces new campaign to fight ransomware attacks

The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday rolled out a new public awareness campaign to push back against the plague of ransomware cyberattacks that have increasingly targeted governments and the nation’s education systems.

Acting CISA Director Brandon Wales announced the program Thursday during an appearance at the U.S. Conference of Mayors’ virtual winter meeting, saying in a statement provided to The Hill prior to the event that “CISA is committed to working with organizations at all levels to protect their networks from the threat of ransomware.”

“This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats,” Wales said. “Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”

The campaign will involve CISA stepping up its efforts to inform organizations across various sectors about resources available to counter or prevent ransomware attacks, including trainings and webinars and through CISA issuing alerts around ransomware concerns when necessary. 

The awareness campaign will be particularly focused on K-12 institutions, which have been hit hard by ransomware attacks during the COVID-19 pandemic as many classes moved online, and on organizations involved in supporting COVID-19 response, another key target of hackers. 

Ransomware attacks, which involve an attacker encrypting a system and demanding payment to give back access, most recently interrupted classes in Baltimore County, Md., while school districts in Fairfax County, Va. and Miami-Dade County, Fla. have also been hit by cyberattacks in recent months. 

Concern has also increased around groups involved in both COVID-19 research and in the vaccine supply chain, with Wales saying last month that CISA was working with both the FBI and the National Security Agency to address cyber risks to these companies. 

Wales on Thursday encouraged mayors participating in the conference to help CISA in spreading the word about the public awareness campaign, and strongly urged mayors not to pay ransoms demanded by hackers if they were hit by a cyberattack.

“Together, we can defend today and secure tomorrow,” Wales said at the conference. 

CISA is not alone in working to fight against ransomware. The Ransomware Task Force — a non-profit formed last month that includes companies such as Microsoft, FireEye and McAfee — is working to create a roadmap of policy ideas to counter ransomware attacks, which have also increasingly hit vulnerable hospitals during the COVID-19 pandemic.