Jul 07 2016

VA Responds to Ransomware Threats with Help from DHS

After the attempted attack in March, the agency repelled the ransomware intrusion and collaborated closely with Homeland Security on its response.

It’s an example of real teamwork: The departments of Veterans Affairs and Homeland Security worked together to prevent the VA from being affected by a ransomware attack, according to VA CIO LaVerne Council.

When asked about the agency’s defenses against cybersecurity attacks like ransomware, Council testified before the Senate Committee on Veterans’ Affairs that “we had to interface with it — you weren’t aware of it because we were able to address it from an IT perspective and correct it quickly.”

Collaboration with DHS

According to FedScoop, Council wouldn’t say when or where in VA’s networks the attack occurred, but she did say “it did try to come into the environment” and “we were well prepared for it.”

Council said that the VA’s IT staff immediately alerted the appropriate authorities at the DHS “as we normally would when one of those things happens.” The incident occurred in March 2016, according to FedScoop.

Council added that VA is working with DHS and the National Institute of Standards and Technology to improve its cybersecurity posture.

“We’ve been very collaborative with them,” Council said. “DHS has been doing penetration tests for us and giving us feedback on where our opportunities are, and we want to leverage whatever they’re doing, real-time.”

“I’m real pleased that they’ve been there for us,” she said.

A Growing Threat

Ransomware, through which malicious actors infect a computer system or network with malware and hold data or the system itself hostage in exchange for payment, is now the most problematic cybersecurity threat. In fact, it is even more dangerous than advanced persistent threat network attacks, according to a May report from cybersecurity researchers at Kaspersky Lab.

Additionally, researchers at Unit 42, the Palo Alto Networks threat intelligence team, said in a report in May that cryptographic ransomware is “one of the greatest cyberthreats facing organizations around the world.” The threat is likely to grow as organizations connect more devices to the Internet of Things, the report speculates, saying “no system is immune to attack, and any device that an attacker can hold for ransom will be a target in the future.”

Hospitals and medical facilities could be particularly vulnerable to ransomware attacks, partly because there are numerous devices in hospitals that are connected to the Internet but are unsecured or have not been patched, and because hospitals are environments in which a lot of data flows through wired and wireless networks.

Indeed, the Health Information Trust Alliance has created what it calls the “Enhanced Indicators of Compromise Collection Pilot,” which is intended to improve health organizations’ awareness of cybersecurity threats by distributing information more widely, according to the website HealthITSecurity. The pilot program has been able to help healthcare organizations reduce the time it takes to detect a threat like ransomware, the website reported.

The federal government is adamantly opposed to an agency giving in to a ransomware threat, and the DHS and FBI have given agencies guidance on how to respond to such attacks.

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom,” FBI Cyber Division Assistant Director James Trainor said in a statement in April. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

