U.S. CISA and the FBI, through an interagency collaborative effort known as the Joint Ransomware Task Force (JRTF), have issued an updated #StopRansomware Guide—a one-stop resource to help organizations reduce the risk of ransomware incidents.
Released on May 23rd, the guide offers best practices to detect, prevent, respond, and recover from ransomware incidents, including step-by-step approaches to address potential attacks.
This guide is an update to the Joint Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) Ransomware Guide originally released in September 2020 and was developed through the JRTF. The guide includes two primary resources:
- Part 1: Ransomware and Data Extortion Prevention Best Practices
- Part 2: Ransomware and Data Extortion Response Checklist
According to the guide's introduction:
"Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful and have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as 'double extortion.'
In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion without employing ransomware. These ransomware and associated data breach incidents can severely impact business processes by leaving organizations unable to access necessary data to operate and deliver mission-critical services. The economic and reputational impacts of ransomware and data extortion have proven challenging and costly for organizations of all sizes throughout the initial disruption and, at times, extended recovery."
Ransomware is no joke, as produce and fruit giant Dole recently found out when a sophisticated ransomware attack impacted approximately half of its legacy servers and one-quarter of its end-user computers, as reported by Industrial Cyber.
"The incident had a limited impact on our operations overall, however, it was disruptive for our Fresh Vegetables and Chilean businesses in particular," Dole reported in mid-May. "Direct costs related to the incident were $10.5 million of which $4.8 million related to continuing operations."
From the JRTF:
"Ransomware incidents continue to affect far too many organizations—shutting down school districts, disabling emergency communications, forcing hospitals to divert patients, causing untold losses to businesses across the country. Countering a threat of this magnitude requires effectively leveraging every available tool—and coordinating each tool to maximize our impact. The JRTF is an interagency body established by Congress to achieve this goal. JRTF coordinates, deconflicts, and synchronizes efforts across federal; state, local, tribal, territorial (SLTT); and private sector partners and, when applicable, with international partners. JRTF also leverages ransomware-related centers of excellence and relevant organizations to further the national effort to mitigate the ransomware threat."
Two representative from CISA will be speaking at SecureWorld Chicago on June 8th on "Sustainable Cybersecurity and Resiliency." The fireside chat with Tony Enriquez, Chief of Cybersecurity, and Brian Yoshino, Cybersecurity Advisor, both from CISA's Region 5, will be moderated by Tony Beaird, VP and Chief Security Officer at Claro Healthcare.
The session description:
"As the nation's cyber defense agency, CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Since the majority of our nation's critical infrastructure is privately owned, ensuring the nation's cybersecurity posture requires continued collaboration between government and the private sector. During this fireside chat, CISA will discuss the current cyber threat landscape, the agency's latest initiatives to help critical infrastructure owners and operators protect and defend their networks, and the catalog of CISA services available to organizations to become more cyber resilient."
