CISA Launches New Resource on Ransomware Protection
2021 has seen a notable rise in the number of targeted ransomware attacks, with experts estimating that a company would be affected by an event every eleven seconds this year. Notable incidents like the Colonial Pipeline shutdown in May, which closed the Atlantic Coast’s main artery for fuel for multiple weeks, have shined a renewed light on the importance of protecting your organization from cybercriminals. The Biden administration has already taken significant steps, signing an executive order on May 12 to bolster the country’s cyber defenses and issuing a formal statement on July 19 alongside the European Union, United Kingdom and NATO against the People’s Republic of China over Beijing’s behavior in cyberspace.
Recently, the Cybersecurity and Infrastructure Security Agency launched a new web resource, Stop Ransomware, to help educate the public on how to protect itself and companies from cybercrime. Along with an abundance of information, CISA is planning to hold training and webinars through the new site, which will help to bolster your organization’s defenses. Because it is more important than ever to understand the dangers of ransomware, today’s Think Tank blog will discuss online security essentials.
What is Ransomware?
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
Malicious actors continue to adjust and evolve their ransomware tactics over time, and the U.S. Government, state and local governments, and the private sector must remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.
How is Ransomware Delivered?
Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program automatically downloaded from the internet without the user’s consent or often without their knowledge. The malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.
What Can I Do to Protect My Data and Networks?
- Back up your computer. Perform frequent backups of your system and other essential files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
- Store your backups separately. A best practice is to store your backups on a separate device that cannot be accessed from a network, such as an external hard drive. Once the backup is completed, disconnect the external hard drive or other separate device from the network or computer.
- Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.