The Best Defense Against Ransomware is a Good Offense

Ransomware is malicious software with one purpose: to extort money from its victims. It’s one of the most prolific crimes today, thanks to the multimillion-dollar ransoms criminals demand from individuals, governments, and corporations. These demands are always the same – pay the ransom, or have your operations severely compromised or entirely shut down.

According to PaloAlto Networks Unit 2021 Unit 42 Threat report, 2020 ransom demands averaged $847,000. They report also said, “Put simply: ransomware is a lucrative business. The average ransom paid by organizations in the U.S., Canada, and Europe (in 2020) saw a 171% year-over-year increase. With new tactics like double extortion, this number will only continue to rise.”

Fortunately, there are a lot of emerging technologies that can help stop ransomware attacks before they start. Organizations need to shift their thinking away from how they are going to react to a ransomware attack, to doing everything they can to prevent them.

Malicious Domain Blocking and Reporting (MDBR) is the latest service from the Center for Internet Security, Inc. (CIS®) that the Multi-State and Elections Infrastructure Information Sharing and Analysis Center (MS-ISAC® and EI-ISAC®) suggest be in every state, local, tribal, and territorial government organization and U.S. private hospital’s playbook. The MS- and EI-ISAC are grant-funded by the U.S. Department of Homeland Security (DHS), through the Cybersecurity Infrastructure Security Agency (CISA).

MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. CIS offers this service at no charge to U.S. SLTT government organizations, which includes U.S. public K-12 school and public healthcare organizations.

In February 2021, CIS launched a million-dollar fund to offer MDBR to private U.S. hospitals at no charge as well.

More than 1,643 U.S. SLTT organizations were already reporting success with the MS-ISAC’s MDBR pilot program by the end of March 2021. At this time, MDBR had blocked more than 1.2 billion requests to known bad web domains for public sector members since its inception.

SLTTs, including public U.S. hospitals, can learn more about MDBR by sending inquiries to [email protected].

Private U.S. hospitals interested in MDBR can send inquiries to [email protected].

Other valuable ransomware tools can be found on the Global Cyber Alliance, CISA, and Institute of Security and Technology’s Ransomware Task Force websites.


About the Author
Lewis Robinson is the Vice President of Elections Operations for the Center for Internet Security, Inc. (CIS) 

Follow CIS on Twitter at @CISecurity and connect on LinkedIn.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance.