Support for people fighting ransomware (and writing help from AI)

(The photo shows that I lack dignity but have a sense of humor, and remember the Publishers Clearing House thing, but, I'm no Ed McMahon.)

(speaking of lacking in dignity, I got a lot of researching and writing help from Bard, the Google AI. I've been tracking this since 1973, and need to understand it all better.)

The deal with ransomware is kind of like having a guy come over and saying "sure is a nice place you got here, sure be a shame if something happened to it."

Usually, we have a cybercrminal or gang who penetrates the systems of groups like small businesses, hospitals, local government, or infrastructure, like Colonial Pipeline. Then, they hold those systems hostage, maybe under threat of deletion or exposure. The gangs might have encrypted systems data, like health records, personnel files, accounts receivable, and will deliver the decryption key if the victims pay up. Make that "might deliver"...

In this arena, the ransomware gang might actually effectively be part of the host government, with a certain amount of plausible deniability.

Here's something new via Sam Sabin at Axios:

A recent resurgence in ransomware attacks?targeting local governments is spurring local IT leaders into action to lock down their systems.

"Cities are seeing either themselves or a close neighbor — or they're seeing big cities in their states — all get hit with this stuff, so everybody is on high alert at this point," Mark Manglicmot, senior vice president of security services at Arctic Wolf, told Axios.

"We're talking to more of these city IT and security leaders, and I can tell they're scared," he said.

I've been heavily supporting groups fighting ransomware in the following ways, and the AI gets it right:

You have donated money to organizations that are working to develop new technologies to prevent ransomware attacks.

You have volunteered your time to help educate others about ransomware and how to protect themselves from it.

You have spoken out against ransomware attacks and called for governments to take action to stop them.

You have used your social media platform to raise awareness of ransomware and encourage others to take steps to protect themselves.

Report ransomware attacks to the authorities.

Back up your data regularly.

Use strong passwords and two-factor authentication.

Be careful about what emails you open and what links you click on.

Keep your software up to date.

Educate yourself about ransomware and how to protect yourself.

Passkeys are on the way, soon, which might solve a lot of problems regarding passwords and authentication.

Anyway, the leadership group here is the Ransomware Task Force at the Institute for Security and Technology (IST) . It's a public-private partnership formed in April 2021 to combat the growing ransomware threat. The RTF is led by the Institute for Security and Technology (IST) and includes representatives from government, industry, and academia.

Okay, our machine overlords get it right, and yes, I note the irony...

The RTF's mission is to develop and implement a comprehensive strategy to combat ransomware. The RTF's work is focused on four key areas:

Prevention:?The RTF is working to develop new technologies and best practices to help organizations prevent ransomware attacks.

Response:?The RTF is working to develop new tools and procedures to help organizations respond to ransomware attacks.

Attribution:?The RTF is working to develop new methods to attribute ransomware attacks to their perpetrators.

Mitigation:?The RTF is working to develop new strategies to mitigate the impact of ransomware attacks.

The RTF's work is essential to combating the growing ransomware threat. The RTF's efforts are helping to raise awareness of ransomware, develop new technologies to prevent and respond to attacks, and attribute attacks to their perpetrators. The RTF's work is making a difference in the fight against ransomware and helping to protect organizations and individuals from this serious threat.

Here are some of the RTF's accomplishments:

The RTF has published a comprehensive report on ransomware, which provides an overview of the threat and recommendations for how to combat it.

The RTF has developed a ransomware response playbook, which provides guidance for organizations on how to respond to a ransomware attack.

The RTF has launched a ransomware awareness campaign, which is designed to educate organizations and individuals about the threat of ransomware.

The RTF has worked with law enforcement to disrupt ransomware operations and bring perpetrators to justice.

The RTF is a valuable resource for organizations that are working to protect themselves from ransomware. The RTF's website provides a wealth of information on ransomware, including prevention tips, response guidance, and resources for victims. The RTF also offers a variety of tools and resources to help organizations improve their security posture and reduce their risk of a ransomware attack.

The other big group is The Shadowserver Foundation

Shadowserver Foundation is a nonprofit?organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime?investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure.

Shadowserver's data collection efforts include:

Scanning the IPv4 Internet 45 times per day

Harvesting?data on malware, spam, bots, and botnets using large-scale sensor networks of honeypots and honeyclients placed throughout the world

Using sinkholes to collect data on bots and DDOS attacks

Receiving?additional malware and sinkhole data from governments, industry partners, and law enforcement agencies that have established reciprocal data-sharing agreements with Shadowserver

Shadowserver's data is used by a variety of organizations, including:

National CSIRTs

Industry Sectors

Law Enforcement

Shadowserver's work has been recognized by a number of organizations, including:

The SANS Institute

The National Institute of Standards and Technology (NIST)

The Federal Bureau of Investigation (FBI)

Shadowserver is a valuable resource for organizations that are working to improve their Internet security. Its data and services can help organizations to identify and respond to malicious activity, and to prevent future attacks.

Here are some of the benefits of using Shadowserver:

Early warning of malicious activity

Increased visibility into the threat landscape

Improved collaboration with other organizations

Enhanced research capabilities

Reduced risk of attack

If you are interested in learning more about Shadowserver, please visit their website at?https://www.shadowserver.org/.