WASHINGTON - Today the U.S. Secret Service hosted a Cyber Incident Response Simulation with executive business leaders, law enforcement and other government agencies focused on cyberattacks, ransomware and incident response plans.
Ransomware is malicious software designed to block access to a computer system or data, often by encrypting data or programs to extort ransom payments from victims in exchange for decrypting the information and restoring access to systems or data. It has rapidly emerged as a significant cybersecurity threat affecting the nation’s networks. Ransomware attacks can lead to the loss of critical personal and commercial information, as well as compromised business functionality. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remain unavailable, and may be deleted.
“Our cyber incident response simulations are aimed at strengthening our partnerships with the private sector and ensuring that we work together before an incident occurs,” said Office of Investigations Assistant Director David Smith. “These simulations help our private sector partners better understand the critical nature of cyber security preparedness, as well as the role and capabilities of law enforcement. Recognizing a cyber intrusion and quickly activating an incident response plan is essential to mitigating an attack and shielding an organization from damage. Simulations also build trust between the private sector and law enforcement, increasing our ability to respond quickly and effectively when needed.”
The training was the tenth of its kind and the first in-person event in over two years. It was conducted with members of the Cyber Incident Alliance Council. Executives who play an active part in their organization’s cyber incident response were offered a simulated scenario to enhance planning, collaboration and information sharing between the private sector and law enforcement. The simulation showcased an escalating cyber-attack on a fictional company, allowing participants to gain a better understanding of how to efficiently and effectively respond to a ransomware attack.
The Secret Service uses a dual approach to investigating ransomware attacks. When notified, the Secret Service responds with technical investigations focusing on identifying cyber actors whose intent is to remain anonymous, and financial investigations focusing on identifying ransom recipients whose intent is to disguise the transactions.
Speaking at the event were Chris Inglis, National Cyber Director, Executive Office of the President, Greg Touhill, Director of CERT Division, Carnegie Mellon University and Bill Fisher, Security Engineer National Cybersecurity Center of Excellence - NIST
Learn more about the Secret Service investigative mission.