The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently released an update to their #StopRansomware guide, first issued in 2020. The revised version reflects the constantly shifting tactics and malware that have made the battle against ransomware a moving target.
Fun fact: The first ransomware attack was delivered via floppy disk in 1989, and the ransom demand was the equivalent of $450 in today’s dollars. Those were the days. Here in 2023, some attacks run into seven figures, and according to some estimates a new one occurs every 19 seconds.
With all that as a backdrop, what’s new in the revised CISA guide? A few highlights:
- It’s not entirely accurate to say that the guide is from CISA. The FBI and NSA have been added as co-authors, bringing their operational insights into play. Officially, the guide is a product of the Joint Ransomware Task Force (JRTF).
- The guide adds recommendations to head off common attack vectors, including advanced forms of social engineering.
- There are new recommendations to address cloud backups and zero trust architecture (ZTA, or ZTNA), an approach to cybersecurity that continuously validates every stage of an interaction, eliminating any assumed or implicit trust.
- The guide’s ransomware response checklist has been expanded with threat hunting tips for detection and analysis.
Much of the guide’s original advice is unchanged, and bears repeating:
- Maintain offline, encrypted backups of critical data, and test those backups regularly.
- Create, maintain and regularly practice a basic cyber incident response plan (IRP). Have that plan available in hard copy and offline digital forms.
- Regularly patch and update software and operating systems, and conduct regular vulnerability scanning.
- Make sure all devices (including employee-owned devices) and cloud services are properly configured, with security features enabled.
Finally, CISA asks that every incident be reported. Many organizations resist reporting incidents because of the perceived reputational damage, but reporting helps authorities understand trends and tactics and helps protect others.
There’s much more, of course (the full report, 29 pages long, is available here). Remember that while tactics and software continue to change, the best defense is still employees who are trained to recognize and avoid phishing attempts, social engineering and other methods used by the purveyors of ransomware and other malware.
Questions about the #StopRansomware guide or protecting your business from ransomware? Contact Hill Tech Solutions.