The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI, the NSA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued an updated version of the #StopRansomware guide. This is the first time since 2020 that the agency has updated the guide, and the new version reflects the lessons learned over the past few years. For the first time, the FBI and the NSA are co-authors of the updated guide. The agency hopes to help organizations reduce the spread and impact of ransomware.
According to MS-ISAC, the ransomware landscape has evolved since 2020, with a lower barrier to entry for attackers, especially through RaaS ("ransomware as a service") models. The updated guide covers the tactical changes attackers have made in recent years, including the wider use of double extortion and data theft in ransomware attacks.
#StopRansomware includes an extensive list of best practices for protecting against attacks. It recommends maintaining offline, encrypted backups of important data and regularly testing them in disaster recovery exercises. This includes "golden images" of critical systems, with a preconfigured OS and related applications. Additionally, organizations should develop, maintain, and practice a basic cyber incident response plan, particularly for ransomware attacks and data breaches. It is also necessary to develop a communication plan, including notification of government agencies about the incident.
The guide also includes a set of measures to prevent and mitigate the consequences of ransomware attacks. These include conducting regular scanning to identify and eliminate vulnerabilities, especially on devices connected to the Internet; regularly updating software and operating systems to the latest versions; checking that all local, cloud, mobile, and personal devices are correctly configured and have their security features enabled; introducing phishing-resistant multifactor authentication (MFA); and setting an account lockout policy that takes effect after a certain number of failed login attempts.
The guide proposes creating diagrams that detail the data flows within the organization, to help IT specialists understand which systems to focus on during an attack. Additionally, the updated guide contains contact information for federal agencies that organizations can reach during an attack.