Homeland Security Digital Library

SEARCH THE HSDL

Searching for terms: ALL (ransomware) in: title or summary

Results 1 - 30 (of 128) sorted by relevance sort by date

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

Getting Started with Cybersecurity Risk Management: Ransomware

Show summary Open resource [pdf] (open full abstract)
From the Document: "'With the threat of ransomware growing, this "quick start guide" will help organizations use the National Institute of Standards and Technology (NIST) "Ransomware Risk Management: A Cybersecurity Framework Profile" to combat ransomware.' Like the broader 'NIST Cybersecurity Framework', which is widely used voluntary guidance to help organizations better manage and reduce cybersecurity risk, the customized ransomware profile fosters communications and risk-based actions among internal and external stakeholders, including partners and suppliers. 'The Framework is organized by five key Functions - Identify, Protect, Detect, Respond, and Recover.' These five terms provide a comprehensive way to view the lifecycle for managing cybersecurity risk. The activities listed under each Function offer a good starting point for any organization, including those with limited resources to address cybersecurity challenges. They help to set priorities so that an organization gets the greatest value out of its efforts to manage ransomware risks. Much depends on how sophisticated your current operations are in terms of cybersecurity risk management. While there are many other things that can and should be done to combat ransomware, it is important to recognize that you don't need to do everything all at once. 'Getting started is the key in cybersecurity, including managing ransomware risks!'" This document is a companion guide to "Ransomware Risk Management: 'A Cybersecurity Framework Profile'" located here in HSDL: [https://www.hsdl.org/?abstract&did=864618].

National Institute of Standards and Technology (U.S.)

2022-02
Future of Ransomware and Social Engineering: Understanding Ransomware Trends, Users, and the Malicious Social Engineering Tactics They Use

Show summary Open resource [pdf] (open full abstract)
From the Document: "Extortion is a tactic that has long been used by criminals for financial gain. Digital extortion through ransomware continues to represent a significant cyber threat to individuals, small businesses, corporations, and government entities. While cyber attacks are generally considered as technical exercises, successful ransomware operations employ social engineering tactics to help identify and exploit target vulnerabilities. Private sector, non-governmental organization (NGO), and government analysts were brought together by the Office of the Director of National Intelligence and the Department of Homeland Security to examine the current state of ransomware, understand how social engineering tactics are currently employed, and how ransomware attacks may change over the next two years. In this paper, ransomware is defined as malicious software that blocks access to computer systems or files until money is paid. Social engineering is defined as using human interaction to psychologically manipulate targets through deception and persuasion in order to influence the target's actions."

United States. Department of Homeland Security. Office of Intelligence and Analysis

2017-08-24
DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Show summary Open resource [pdf] (open full abstract)
From the Document: "The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity--a pipeline company--in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company's information technology (IT) network. At this time, there is no indication that the entity's operational technology (OT) networks have been directly affected by the ransomware. CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing robust network segmentation between IT and OT networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware."

United States. Federal Bureau of Investigation; United States. Cybersecurity & Infrastructure Security Agency

2020-05-11
Ransomware Guide

Show summary Open resource [pdf] (open full abstract)
From the Overview: "Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. In recent years, ransomware incidents have become increasingly prevalent among the Nation's state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion. The monetary value of ransom demands has also increased, with some demands exceeding US $1 million. Ransomware incidents have become more destructive and impactful in nature and scope. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small. This 'Ransomware Guide' includes two resources: Part 1: Ransomware Prevention Best Practices; Part 2: Ransomware Response Checklist."

United States. Cybersecurity & Infrastructure Security Agency

2020-09
Fact Sheet: Ransomware and HIPAA

Show summary Open resource [pdf] (open full abstract)
From the Document: "A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware exploits human and technical weaknesses to gain access to an organization's technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack."

United States. Department of Health and Human Services

2016-07-11?
Cybersecurity Framework Profile for Ransomware Risk Management [Preliminary Draft]

Show summary Open resource [pdf] (open full abstract)
From the Document: "Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware disrupts or halts an organization's operations and poses a dilemma for management: pay the ransom and hope that the attackers keep their word about restoring access and not disclosing data, or do not pay the ransom and restore operations themselves. The methods used to gain access to an organization's information and systems are common to cyberattacks more broadly, but they are aimed at forcing a ransom to be paid. Ransomware attacks target the organization's data. Fortunately, organizations can follow recommended steps to prepare for and reduce the potential for successful ransomware attacks. This includes identifying and protecting critical data, systems, and devices from ransomware, and preparing to respond to any ransomware attacks that succeed. There are many resources available to assist organizations in these efforts. They include information from the National Institute of Standards and Technology (NIST) [hyperlink], the Federal Bureau of Investigation (FBI) [hyperlink], and the Department of Homeland Security (DHS) [hyperlink]. The security capabilities and measures provided in this profile support a detailed approach to preventing and mitigating ransomware events. Even without undertaking all of these measures, there are some basic preventative steps that an organization can take now to protect against the ransomware threat." The final draft of this report can be found here: [https://www.hsdl.org/?abstract&did=864618].

National Institute of Standards and Technology (U.S.); United States. Department of Commerce

Barker, William C.; Scarfone, Karen; Fisher, William . . .

2021-06
Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

Show summary Open resource [pdf] (open full abstract)
From the Executive Summary: "This Financial Trend Analysis is in response to the increase in number and severity of ransomware attacks against U.S. critical infrastructure since late 2020. For example, in May 2021, hackers used a ransomware attack to extort a multi-million dollar ransom, which also disrupted the Colonial Pipeline and caused gasoline shortages. Other recent attacks have targeted various sectors, including manufacturing, legal, insurance, health care, energy, education, and the food supply chain in the United States and across the globe. [...] Trends represented in this report illustrate financial institutions' identification and reporting of ransomware events and may not reflect the actual dates associated with ransomware incidents. FinCEN [Financial Crimes Enforcement Network]'s analysis of ransomware-related SARs [Suspicious Activity Reports] highlights average ransomware payment amounts, top ransomware variants, and insights from FinCEN's blockchain analysis[.]"

Financial Crimes Enforcement Network (U.S.)

2021-10-15?
Ransomware Risk Management: 'A Cybersecurity Framework Profile'

Show summary Open resource [pdf] (open full abstract)
From the Abstract: "Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. Attackers may also steal an organization's information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events." National Institute of Standards and Technology (NIST) has also produced a companion "Quick Start Guide" titled "Getting Started with Cybersecurity Risk Management: Ransomware" which is located here in HSDL: [https://www.hsdl.org/?abstract&did=864873].

National Institute of Standards and Technology (U.S.); United States. Department of Commerce

Barker, William C.; Scarfone, Karen; Fisher, William . . .

2022-02
Incidents of Ransomware on the Rise: Protect Yourself and Your Organization

Show summary Open resource [html] (open full abstract)
"Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses-these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization's reputation. And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items-including family photos, videos, and other data-can be devastating for individuals as well. […] So what does the FBI recommend? As ransomware techniques and malware continue to evolve-and because it's difficult to detect a ransomware compromise before it's too late-organizations in particular should focus on two main areas: [1] Prevention efforts-both in both in terms of awareness training for employees and robust technical prevention controls; and [2] The creation of a solid business continuity plan in the event of a ransomware attack."

United States. Federal Bureau of Investigation

2016-04-29
2021 Trends Show Increased Globalized Threat of Ransomware

Show summary Open resource [pdf] (open full abstract)
From the Summary: "In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors [hyperlink], including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. The Australian Cyber Security Centre (ACSC) observed continued ransomware targeting of Australian critical infrastructure entities, including in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors. The United Kingdom's National Cyber Security Centre (NCSC-UK) recognizes ransomware as the biggest cyber threat facing the United Kingdom. Education is one of the top UK sectors targeted by ransomware actors, but the NCSC-UK has also seen attacks targeting businesses, charities, the legal profession, and public services in the Local Government and Health Sectors."

United States. Cybersecurity & Infrastructure Security Agency

2022-02-09
BlackMatter Ransomware

Show summary Open resource [pdf] (open full abstract)
From the Summary: "This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) obtained from a sample of BlackMatter ransomware analyzed in a sandbox environment as well from trusted third-party reporting. Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found. Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. National Security Agency

2021-10-18
Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

Show summary Open resource [pdf] (open full abstract)
From the Overview: "Over the past several years, the Cybersecurity and Infrastructure Security Agency (CISA) and our partners have responded to a significant number of ransomware incidents, including recent attacks against a U.S. pipeline company [hyperlink] and a U.S. software company [hyperlink], which affected managed service providers (MSPs) and their downstream customers. Ransomware is malware designed to encrypt files on a device, rendering files and the systems that rely on them unusable. Traditionally, malicious actors demand ransom in exchange for decryption. Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful. Malicious actors increasingly exfiltrate data and then threaten to sell or leak it--including sensitive or personal information--if the ransom is not paid. These data breaches can cause financial loss to the victim organization and erode customer trust. All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. This fact sheet provides information for all government and private sector organizations, including critical infrastructure organizations, on preventing and responding to ransomware-caused data breaches."

United States. Cybersecurity & Infrastructure Security Agency

2021-08-18?
Responding to Ransomware: Exploring Policy Solutions to a Cybersecurity Crisis, Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security, House of Representatives, One Hundred Seventeenth Congress, First Session, May 5, 2021

Show summary Open resource [pdf] (open full abstract)
This is the May 5, 2021 hearing on "Responding to Ransomware: Exploring Policy Solutions to a Cybersecurity Crisis," held before the House Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security. From the opening statement of Yvette Clarke: "While ransomware is not a new problem, the number of cases and the financial impact has skyrocketed since then. That is why I wanted to focus on ransomware at our first subcommittee hearing this year. We must understand the problem we are facing, learn more about how the Federal Government should respond, and do something. Estimates show that ransomware victims paid $350 million in ransom payments last year." Statements, letters, and materials submitted for the record include those of the following: John A. Davis, Megan H. Stifel, Denis Goulet, and Christopher C. Krebs.

United States. Government Publishing Office

2021
Ransomware and Federal Law: Cybercrime and Cybersecurity [October 5, 2021]

Show summary Open resource [pdf] (open full abstract)
From the Introduction: "This report explores legal issues implicated by two potential approaches to combatting ransomware. First, the report summarizes the potential for criminal prosecution under federal statutes such as the Computer Fraud and Abuse Act (CFAA) and the Economic Espionage Act (EEA). This section of the report also discusses legal issues facing ransomware victims--in particular, whether victims risk legal liability by making ransomware payments. Second, the report summarizes federal laws governing public and private sector cybersecurity, including preparedness and incident response. This report does not cover technological and policy considerations involving ransomware, as these topics may be found in other CRS [Congressional Research Service] products."

Library of Congress. Congressional Research Service

Berris, Peter G.; Gaffney, Jonathan M.

2021-10-05
America's Data Held Hostage: Case Studies in Ransomware Attacks on American Companies

Show summary Open resource [pdf] (open full abstract)
From the Executive Summary: "More than ever before, cyber criminals have the ability to disrupt Americans' lives from anywhere in the world. Over time, attackers' tactics have evolved and improved and cyberattacks now have the potential to paralyze entire industry sectors. Organizations are racing to update their systems and improve their defenses to counter this threat. The proliferation of ransomware attacks is a primary example of this challenge. [...] This report details the attacks by Russia-based ransomware group REvil [Ransomware Evil] on three American companies, and the experiences of those companies during the incident response. The goal of this report is to provide information companies and agencies can use to prepare for and respond to ransomware attacks."

United States. Congress. Senate. Committee on Homeland Security and Governmental Affairs

Portman, Robert J. (Robert Jones), 1955-

2022-03
Whole-Of-Government Approach to Combatting Ransomware: Examining DHS's Role, Joint Hearing Before the Subcommittee on Intelligence and Counterterrorism and the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security, House of Representatives, One Hundred Seventeenth Congress, First Session, November 17, 2021

Show summary Open resource [pdf] (open full abstract)
This is the November 17, 2021 hearing on "Whole-Of-Government Approach to Combatting Ransomware: Examining DHS's Role," held before the U.S. House the Subcommittee on Intelligence and Counterterrorism and the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security. From the Opening Statement of Elissa Slotkin: "I will just say that I think ransomware is one of those rare National security issues where you can have high-level policy debate in Washington that directly connects to the tangible impacts on people's lives back home in places like Michigan and in Texas. We know that ransomware attacks have exploded in the United States and during a year-and-a-half where we have been more dependent than ever on digital technology, it has really hit home for certainly most of the citizens that I represent. These attacks are overwhelmingly carried out by foreign groups. So, that means our constituents are victims of foreign attack. [...] I think what is important to us and important to expose for the American people is what are we doing about it? Please help our citizens understand and help the committee understand what DHS is doing to fight back with our citizens on the front lines. I am pleased that we are strengthening what we are doing against ransomware." Statements, letters, and materials submitted for the record include those of the following: Robert Silvers, Brandon Wales, and Jeremy Sheridan.

United States. Government Publishing Office

2022
How to Protect Your Networks from Ransomware

Show summary Open resource [pdf] (open full abstract)
"Ransomware is the fastest growing malware threat, targeting users of all types-from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization. Ransomware targets home users, businesses, and government networks and can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization's reputation."

United States. Department of Justice
Cracking Down on Ransomware: Strategies for Disrupting Criminal Hackers and Building Resilience Against Cyber Threats, Hearing Before the Committee on Oversight and Reform, House of Representatives, One Hundred Seventeenth Congress, First Session, November 16, 2021

Show summary Open resource [pdf] (open full abstract)
This is the November 16, 2021 hearing on "Cracking Down on Ransomware: Strategies for Disrupting Criminal Hackers and Building Resilience Against Cyber Threats," held before the U.S. House Committee on Oversight and Reform. From the opening statement of Carolyn B. Maloney: "This has been an unprecedented year for cyber-attacks. The country is still reeling from last year's cyber-attack against the company SolarWinds that was linked to Russia and infected numerous Federal agencies. These attacks have been described as a wake-up call for America. It attacked all through the Federal Government and numerous private sectors also. [...] Ransomware attacks are a grave national security challenge. Today, we will hear from our witnesses about the 'whole of government' effort needed to disrupt ransomware networks and how we can help businesses, state and local governments, and others to prevent, prepare for, and respond to attacks." Statements, letters, and materials submitted for the record include those of the following: Chris Inglis, Brandon Wales, and Bryan Vorndran.

United States. Government Publishing Office

2021
Pulse Report: Analyzing the Threat of Ransomware Attacks Against US Elections

Show summary Open resource [pdf] (open full abstract)
From the Document: "The threat of a ransomware attack against elections in the United States has been a growing concern within the government and the private sector. We already know that threat actors managed to infiltrate the networks of election offices in multiple states, and according to a Senate Intelligence Report, those same adversaries were targeting all 50 states. In addition, it was reported earlier this year that the Palm Beach County Supervisor of Elections Office was hit with a ransomware attack in September of 2016, which was not reported to the FBI or Homeland Security. [...] The goal of this report is to take a realistic look at the different ransomware threats to the U.S. elections and offer suggestions to protect against those threats."

Recorded Future, Inc.
Ransomware Attacks Renew Focus on HIPAA Security Standards [June 5, 2017]

Show summary Open resource [pdf] (open full abstract)
"Health care facilities increasingly are coming under cyberattack. This trend has raised concerns about the vulnerability of electronic health information, which often includes multiple personal identifiers. These can be used by hackers to create false identities for illegal purposes such as creating fraudulent insurance claims. But health care cybersecurity involves more than just safeguarding patient data from identity theft. Hackers are now using ransomware to attack hospitals and other health care facilities in an effort to extort money by disrupting their operations. Ransomware is a type of malicious software that prevents victims from accessing their data-typically by encrypting the data using a key known only to the hacker-unless a ransom is paid in cryptocurrency (bitcoins). By denying a health care facility access to its data, ransomware attacks may put patients' lives at risk."

Library of Congress. Congressional Research Service

Redhead, C. Stephen

2017-06-05
Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure, Hearing Before the Committee on Homeland Security, House of Representatives, One Hundred Seventeenth Congress, First Session, June 9, 2021

Show summary Open resource [pdf] (open full abstract)
This is the June 9, 2021 hearing on "Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure," held before the House Committee on Homeland Security. From the opening statement of Bennie G. Thompson: "Last month, malicious hackers infiltrated Colonial Pipeline's network and infected its IT [Information Technology] systems with ransomware. For nearly a week, 5,500 miles of pipeline supplying 45 percent of the fuel on the East Coast was shut down, and panic buying resulted in fuel shortages in the Southeast. Since pipeline service was restored, we have learned more about what happened. We know hackers exploited an unprotected VPN [Virtual Private Network] account that was no longer in use to gain access to Colonial Pipeline's network. We know Colonial Pipeline paid the ransom demand and the FBI has since recovered most of it. We know Colonial Pipeline is hardly alone. [...] Today, our goal is to examine the cybersecurity practices in place at Colonial prior to the May 2021 ransomware attack, and assess whether other critical infrastructure operators might be similarly situated and vulnerable." Statements, letters, and materials submitted for the record include those of the following: Joseph Blount, and Charles Carmakal.

United States. Government Publishing Office

2021
CISA Insights: Ransomware Outbreak

Show summary Open resource [pdf] (open full abstract)
From the Document: "Ransomware has rapidly emerged as the most visible cybersecurity risk playing out across our nation's networks, locking up private sector organizations and government agencies alike. And that's only what we're seeing - many more infections are going unreported, ransoms are being paid, and the vicious ransomware cycle continues on. We strongly urge you to consider ransomware infections as destructive attacks, not an event where you can simply pay off the bad guys and regain control of your network (do you really trust a cybercriminal?)."

United States. Cybersecurity & Infrastructure Security Agency

2019-08-21
Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons

Show summary Open resource [pdf] (open full abstract)
From the Summary: "The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer. Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the timesensitive role they play in agricultural production. Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable."

United States. Federal Bureau of Investigation

2022-04-20
Combating Ransomware [webinar]

Show summary Open resource [html] (open full abstract)
"Combating Ransomware" gives an overview of ransomware as a cybersecurity concern to include how it functions, its prevalence, and mitigation recommendations. This video has a duration of 1 hour, 24 minutes, and 53 seconds.

United States. Department Of Homeland Security. Office Of Cyber and Infrastructure Analysis

2018-08-10
Cyber Threats in the Pipeline: Lessons from the Federal Response to the Colonial Pipeline Ransomware Attack, Joint Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation and the Subcommittee on Transportation and Maritime Security, House of Representatives of the Committee on Homeland Security, One Hundred Seventeenth Congress, First Session, June 15, 2021

Show summary Open resource [pdf] (open full abstract)
This is the June 15, 2021 hearing on "Cyber Threats in the Pipeline: Lessons from the Federal Response to the Colonial Pipeline Ransomware Attack," held before the House of Representatives of the Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation and the Subcommittee on Transportation and Maritime Security. From the opening statement of Bonnie Watson Coleman: "The impacts of the May 7 ransomware attack on Colonial Pipeline were far-reaching. As we all know now, nearly half of the East Coast's fuel is supplied by the Colonial Pipeline. When the pipeline was shut down, Americans struggled to fill up their gas tanks, and the incident threatened to cause major disruptions to the economy and well-being of our country. That is why it is so important for us to have a conversation today about the Federal Government's response to the Colonial incident and its role in ensuring the cybersecurity of our critical infrastructure. [...] Today, we will hear from TSA and CISA [Cybersecurity and Infrastructure Security Agency], the DHS components that are charged with ensuring the cybersecurity of our Nation's pipelines and responding to cyber incidents. I am looking forward to learning, not only about TSA and CISA's engagement with Colonial before and after this incident, but also about their plans to ensure we are better prepared next time." Statements, letters, and materials submitted for the record include those of the following: Sonya T. Proctor and Eric Goldstein.

United States. Government Publishing Office

2021
Joint Cybersecurity Advisory: Ransomware Awareness for Holidays and Weekends

Show summary Open resource [pdf] (open full abstract)
From the Summary: "The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends--when offices are normally closed--in the United States, as recently as the Fourth of July holiday in 2021. The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA are sharing the below information to provide awareness to be especially diligent in your network defense practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation

2021-08-31
Public Service Announcement: Ransomware Victims Urged to Report Incidents to Federal Law Enforcement

Show summary Open resource [pdf] (open full abstract)
"The FBI issued a Public Service Announcement [PSA] on September 15, 2016, urging victims to report ransomware incidents to federal law enforcement to 'help us gain a more comprehensive view of the current threat and its impact on U.S. victims.' This document presents excerpts from the original PSA."

United States. Federal Bureau of Investigation

2016-09-15
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Show summary Open resource [pdf] (open full abstract)
"Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modification, and destruction. Formulating a defense against these threats requires two things: a thorough knowledge of the assets within the enterprise, and the protection of these assets against the threat of data corruption and destruction. The NCCoE [National Cybersecurity Center of Excellence], in collaboration with members of the business community and vendors of cybersecurity solutions, will build an example solution to address these data integrity challenges. Multiple systems need to work together to identify and protect an organization's assets against the threat of corruption, modification, and destruction. This project explores methods to effectively identify assets (devices, data, and applications) that may become targets of data integrity attacks, as well as the vulnerabilities in the organization's system that facilitate these attacks. It also explores methods to protect these assets against data integrity attacks using backups, secure storage, integrity checking mechanisms, audit logs, vulnerability management, maintenance, and other potential solutions."

National Institute of Standards and Technology (U.S.); National Cybersecurity Center of Excellence

McBride, Tim; Ekstrom, Michael; Lusty, Lauren . . .

2018-02
Ransomware: What it is and What to Do About it

Show summary Open resource [pdf] (open full abstract)
From the Document: "This document is a U.S. government interagency technical guidance document aimed to inform Chief Information Officers and Chief Information Security Officers at critical infrastructure entities, including small, medium and large sized organizations. This document provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents."

United States. Department of Homeland Security; North Carolina. Department of Health and Human Services; United States. Department of Justice
Cyber Threats in the Pipeline: Lessons from the Federal Response to the Colonial Pipeline Ransomware [video]

Show summary Open resource [html] (open full abstract)
This is the June 15, 2021 virtual hearing video on "Cyber Threats in the Pipeline: Lessons from the Federal Response to the Colonial Pipeline Ransomware Attack," held before the House of Representatives of the Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation and the Subcommittee on Transportation and Maritime Security. Statements, letters, and materials submitted for the record include those of the following: Sonya T. Proctor and Eric Goldstein. The duration of this video is 1 hour, 57 minutes, and 26 seconds. The corresponding GPO (Government Publishing Office) publication for this hearing has also been made available: [https://www.hsdl.org/?abstract&did=859481].

United States. Congress. House. Committee on Homeland Security

2021-06-15

1 2 3 4 5