Get Cyber Smart: Behind the Screens

Issue #2 - The Senate thinks Ransomware is Terrorism. Is IT?

Thanks for sticking with me for another issue of Get CyBUr Smart: Behind the Screens. Let’s get right into it.

Screen #1 - Politicians keeps trying to Cyber!

(Reference: https://cyberscoop.com/ransomware-terrorism-ndaa-2025/)

Our political geniuses are at it again, trying to “cyber”. In this case, the Senate Intelligence Committee. Here is the main point in the referenced article:

“Sponsored by committee Chairman Mark Warner, D-Va., the bill contains novel language regarding ransomware that seeks to address increasingly rampant and damaging ransomware attacks by calling out ransomware gangs by name and branding them as “hostile foreign cyber actors”; designating nations that harbor ransomware actors as “state sponsors of ransomware” and slapping such states with sanctions; and granting the U.S. intelligence community greater legal authority to go after ransomware actors by elevating ransomware to the level of a national intelligence priority.’

It may be useful before going any further to define terrorism. From FBI.GOV:

“International terrorism: Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations (state-sponsored).

Domestic terrorism: Violent, criminal acts committed by individuals and/or groups to further ideological goals stemming from domestic influences, such as those of a political, religious, social, racial, or environmental nature.”

Now, I am not going to downplay the fact that ransomware is bad; it has resulted in deaths as a result of attacks against healthcare, but this crime is criminally motivated. We can argue that there are nation-state affiliations with some ransomware groups, such as North Korea’s Lazarus Group, but you really need to expand on the definition of “violence” to get to the terrorism angle.

I don’t necessarily fault the Senators for wanting to do something. But throwing crap against the wall and hoping it sticks is not really the way. Let’s also understand here that the idea that “designating” a ransomware group as a terrorist organization is going to have some mitigating impact is a fool’s folly (I hope I use that phrase correctly.) The groups change names like most of us change socks. Attribution to the actual actors behind the groups is tedious, takes a lot of time, and requires a host of investigative methods, and even then, the results are limited. We have already seen sanctions and indictments against identified ransomware actors but have we seen ransomware decline? NOPE.

This is not to mean finding unique methods to try and punish ransomware actors is useless, but let’s at least be honest about the limitations. Passing this idea may get a day or two of headlines, experts weighing in on the “cyber geniusness” of our leaders, but at the end of the day it is unlikely to have any impact. Groups will simply change their name and carry on.

As for giving the Intel Community more legal authority, ok, that may be a good plan, but they are still limited by reach in foreign countries. Plus, honestly, do we really think they don’t have enough access to sources and methods now. I don’t, and I offer someone to prove me incorrect.

Before I get to Screen #2 a quick advertisement break for my book: Get CyBUr Smart: A User-Friendly Guide to Keeping Your Family, Your Business, and Yourself Online.

Screen #2 - BUT DARREN HOW DO WE SOLVE THE PROBLEM?!?!

I don’t want to leave Screen 1 hanging without my own special thoughts on potential solutions. Let’s start off by realizing we probably can’t solve the ransomware problem, but I think we CAN reduce the threat it poses to businesses by doing a couple of things, or at least trying a couple of things:

1. Awareness - At the end of the day. most companies think they are too small to be targets of ransomware

   attacks. Unfortunately, the ransomware groups don’t care. If companies start with the understanding that they WILL become targets/victims, they can put together a plan to reduce the chance of becoming a victim. This includes acquiring intelligence feeds (and having people in place to review them) and keeping people thinking about smart cybersecurity-related actions (strong passwords, MFA, cyber controls/policies, etc…)

2. Incorporate Zero Trust principles - For small and medium businesses they may think this is too complicated or expensive, but you don’t have to dive all in at once. Start with basics like white-listing, network segmentation, and incorporating the principle of least privilege. START SOMEWHERE.

3. Plan to be a victim - Having a plan in place to deal with an “incident”, and testing that plan can do nothing but put your business in a position to quickly recover from ransomware or ANY cyber-related attack or incident. I have done several cyber risk assessments in the past couple months, and none of these organizations had an Incident Response Plan. I am willing to wager that this is more the rule than the exception. AGAIN START SOMEWHERE!

Screen #3 - Putting my money where my mouth is.

Ok, you are an SMB, you just read this and thought “But where do I start?” I am going to try something with this Screen this week. I know this is a newsletter and you expect to read my thoughts, but a couple of weeks ago, I did a quick video podcast exactly on this point. Watch it here (it is only 5 minutes):

If you are an SMB and want to take me up on this. Here is a Calendly link where you can hit me up for a free half hour consult. I’ll repeat it again - START SOMEWHERE!

Thank you for reading and sharing the Behind the Screens newsletter. If you have questions/thoughts/comments please email me at darren@thecyburguy.com or follow me on LinkedIn.

As you go throughout your week, know that #knowledgeisprotection. If we can understand the threats targeting us, we can assess our risk and proceed wisely online. Have a cyber-safe week.

Your buddy, Darren (The CyBUr Guy)

P.S. I know this newsletter is pretty basic and visually weak, but I am no artist. Hopefully, the content makes up for it. Have a great weekend.

P.S.S. - This newsletter is 100% AI-Free (ok, except for the Logo, but I have no artistic skill, so I needed some help there.)

If you are interested in my other content, please check out my podcasts:

The CyBUr Guy Podcast

The CyBUr Smart Morning News Update

The Tactical Cyber Podcast

All are available on your favorite podcast platform. Give a listen, tell a friend.