The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other national groups are urging organizations to take preventative action to protect themselves against a surge of ransomware attacks.
Local governments across the United States and overseas have been hit in recent weeks. Louisiana declared a state of emergency July 24 after three school systems were attacked with ransomware. Other targets have included the city of Baltimore, the Georgia court system and Lake City, Florida.
CISA, the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association and the National Association of State Chief Information Officers issued an advisory Monday calling on local government “along with the wider cyber community to take the following essential actions to enhance their defensive posture against ransomware. Through this collective action, we can better protect ourselves and our communities and further advance the cyber preparedness and resilience of the nation.”
The groups’ recommendations:
Backup your systems: Immediately and regularly back up all critical agency and system configuration information on a separate device and store the backups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than you lost, fully patched and updated to the latest version.
Reinforce basic cybersecurity awareness and education: Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats. Phishing and suspicious links are the most common vectors for ransomware attacks. Remind employees how to report incidents to appropriate information technology staff in a timely manner, which should include out-of-band communication paths.
Revisit and refine cyber incident response plans: Agencies must have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders such as state agencies, CISA and the MS-ISAC, in the event of an attack.