The U.S Cybersecurity & Infrastructure Security Agency (CISA) today released a ransomware guide developed in coordination with the Multi-State Information Sharing and Analysis Center (MS-ISAC). The guide is now available on CISA's website: https://www.cisa.gov/publication/ransomware-guide
The resource was developed for state, local, tribal and territorial governments (SLTT) and small-to-midsize businesses but is widely applicable for all CISA partners.
The guide has two parts:
- First, the guide focuses on best practices for ransomware prevention, detailing practices organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. This information is intended to proactively set partners up for success if they are confronted with malicious cyber activity associated with ransomware. These ransomware best practices and recommendations are based on operational insight from CISA and the MS-ISAC.
- Second, the guide includes a step-by-step prioritized ransomware response checklist that organizations can use as an annex to their cyber incident response plans. Proactive risk management is the focus of CISA's assistance to partners. If your organization should become impacted by a cyber incident it is important to have an agreed-upon plan and communications strategy, in-advance, that helps organizations get back to business in a coordinated and efficient manner. It includes steps an organization should take if impacted by a ransomware incident and outlines how to request assistance from the federal government. All organizations need a plan.
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. In recent years, ransomware incidents have become increasingly prevalent among the nation's SLTT government entities and critical infrastructure organizations.
Ransomware incidents have become more destructive and impactful in nature and managing the risk associated with ransomware and other cyber threats is especially important in the era of COVID-19 with the quick and overwhelming transition of many organizations to remote work.