Press "Enter" to skip to content

A novel approach to ransomware recovery

The Executive Order intended to boost the federal government’s cyber defenses continues to show action.   NIST has released guidance for system engineers in a document titled “Engineering Trustworthy Secure Systems,”.  It is a resource for computer engineers and other professionals on the programming side of cybersecurity efforts.    A quote from NextGov: “One of the key updates NIST authors made in the latest version of the publication was a fresh emphasis on security assurances. In software systems engineering, assurance is represented by the evidence that a given system’s security procedures are robust enough to mitigate asset loss and prevent cyber attacks. “

State, local, and education IT officials intend to follow that EO’s guidance.  In a survey of officials, 67% are “somewhat likely” to adopt practices and activities outlined in Biden’s order, while another 19% said they are “very likely” to do so.

CISA also warns to critical infrastructure attacks by Russian state-sponsored actors.  The advisory warned against “common but effective tactics” used to gain initial access to victim networks, including spear phishing, brute force attacks, and exploiting known vulnerabilities.  The agency also highlighted 15 vulnerabilities that are being used in those compromises.    

The Record also highlights a novel approach to ransomware response – a Scandinavian hotel chain that switched all affected systems to Chrome OS.     Instead of contacting the hackers, the hotel moved its entire PC fleet from Windows to Chrome OS, and all within roughly three days, converting 2000 computers in 212 hotels in five countries.

Why do we care?

Think that through – a business moved entirely to Chrome OS in three days rather than pay the ransom.    

The resources pushed by the EO are becoming available, and as predicted the base level of standard is rising.   The federal-level flows to the state level, and out to the contractors working with all of those agencies.     I have an interview discussing the entire SLED space coming out, but for those wondering how those executive orders make it to the field, this is how.