Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
— stopransomware.gov
Ransomware attacks seriously impact individuals and organizations by interrupting operations and rendering data inaccessible, resulting in the inability to deliver critical services, economic losses, and sometimes even rendering reputational damage. In 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) released the Ransomware Guide to provide best practices and recommendations for preventing and responding to ransomware incidents.
Malicious actors have progressively modified their ransomware schemes to be more destructive and impactful. In response to these ever-growing threats, an updated #StopRansomware Guide has been released by CISA. The 2023 guide includes contributions from the Federal Bureau of Investigation (FBI) and the U.S. National Security Agency (NSA), along with the following:
- Additional recommendations for preventing common initial infection vendors (e.g., compromised credentials, social engineering)
- Updated recommendations to address cloud backups and implementing zero trust architecture
- Expanded ransomware response checklist
- Mapped recommendations to CISA’s “Cross-Sector Cybersecurity Performance Goals (CPGs)
Check out the 2023 #StopRansomware Guide and the 2020 Ransomware Guide in HSDL.
For more information, check out HSDL’s In Focus topics on Ransomware, Cyber Crime and National Security, Cyber Infrastructure Protection, and Cyber Policy.