Updated Ransomware Guide Issued by CISA Three Years After Its Initial Release
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its ransomware guide, marking a significant collaboration with the FBI, National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners such as the United Kingdom's National Cyber Security Centre (NCSC), the Australian Cyber Security Centre (ACSC), and the Canadian Centre for Cyber Security (CCCS).
This updated guide comes at a time when ransomware activity has evolved significantly since 2020, with a lower barrier to entry for threat actors due to the commercialization of ransomware. Eric Goldstein, executive assistant director for CISA, emphasizes that the updated guide aims to help organizations reduce the prevalence and impact of ransomware incidents.
One of the key recommendations in the updated guide is the enforcement of lockout policies after a certain number of failed login attempts. This measure is designed to prevent unauthorized access and limit the potential for a ransomware attack.
Another important aspect highlighted in the guide is the increased use of double-extortion techniques and data exfiltration in recent ransomware attacks. To combat this, the guide advises maintaining offline, encrypted backups of critical data and regularly testing them in a disaster recovery simulation.
The guide also stresses the importance of implementing phishing-resistant multifactor authentication, regularly patching and updating software and operating systems to the latest versions, and conducting regular scanning to identify and address vulnerabilities, particularly on internet-facing devices.
In addition, the guide suggests creating illustrated guides that provide detailed information about data flows inside an organization, helping incident responders understand which systems to focus on during an attack. It also recommends developing, maintaining, and practicing a basic cyber incident response plan for ransomware and data breaches, including a communications plan and disclosure notifications to government authorities.
The guide further advises ensuring that all on-premises systems, cloud services, mobile devices, and bring-your-own devices are properly configured and have their security features enabled. It also provides email and phone contact information for key federal agencies that organizations can reach during an attack.
Theodore Sayers, director of intelligence and incident response at MS-ISAC, notes that ransomware-as-a-service models are allowing unsophisticated or non-technical actors to enter the ransomware arena. To prevent initial intrusion, the guide offers recommendations to protect data using cloud backups and to ensure all systems are properly secured.
In conclusion, the updated ransomware guide serves as a comprehensive resource for organizations to strengthen their cybersecurity measures and reduce their vulnerability to ransomware attacks. By following the recommendations outlined in the guide, organizations can better protect their critical data and systems.