The #Stopransomware Guide update was released in May 2023 jointly by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Information in this guide was developed by the Joint Ransomware Task Force (JRTF) which is overseen by the Federal Bureau of Investigation (FBI) and CISA. to help organizations reduce the risk of ransomware events. In this revision the National Security Agency (NSA) and FBI were added as contributors.
What is Ransomware?
Ransomware is a malware attack on data that encrypts files to render the data unusable. Victims of these attacks are then pressured into paying a ransom to threat actors to retrieve data and prevent this proprietary data from being released.
Ransomware attacks are continuing to increase in numbers and have proven to be costly for organizations victimized. These events can severely impact processes by rendering mission-critical services inoperable. This can result in economic and reputational damage as third-party data is often compromised.
What was Added in this Update?
In this update recommendations were made for preventing vulnerable infection vectors such as compromised credentials and various forms of social engineering. Recommendations were also updated to promote Zero Trust Architecture (ZTA). Additionally, the ransomware response checklist was expanded with tips for detection and analysis of ransomware attacks. All of these recommendations were cross mapped to CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
Guidance to Prevent, Respond and Recover
The twenty-nine-page document provides step by step approaches to detect, prevent, and respond to incidents through best practices. It is stressed that offline encrypted backups be maintained that are not synced to the cloud. It is also stressed that a hard copy of a cyber–Incident Response Plan (IRP) be formulated and regularly reviewed.
Much of the guidance reiterates best practices that have been accepted by the cybersecurity community at large. These include the use of regular vulnerability scans, updating software and operating systems, use of VPNs, password protocols and protections, and of course training. Regardless, this document is a must read for anybody involved in information security management.
Part 2 of the document provides a checklist for ransomware and data extortion response that is critical knowledge for any organization. This includes steps for detection and analysis, reporting and notification, and containment and eradication. Additionally, the guidance provides contact information for federal agencies that should be notified in the event of a ransomware attack.
CVG Strategy Cybersecurity
As the #stopransomware guide update illustrates, requirements for data protection surpass the implementation of information control technologies. Policies that incorporate risk assessment, training, and management review are required to ensure that an organization is on track for the prevention of initial access by threat actors and data exfiltration.
CVG Strategy consultants provide training to make your entire team aware of cyberattacks and how to employ processes to prevent these threats. We can assist with reviews of policies, risk assessment approaches, and best practices to build management systems capable of handling complex cybersecurity requirements.
Our ISMS consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). Our team of experts bring extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO 27001 certification—on time and on budget.
CVG Strategy is also committed to the goals of CMMC in securing our defense manufacturing supply chain’s information secure. As industry leaders in cybersecurity, ITAR, and risk-based management systems. We have experience with companies of all sizes and understand the importance of innovating flexible approaches to meeting the requirements CMMC, establishing effective programs, and achieving certification.