A two-part ransomware guide released yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) directs cyber professionals on how to protect against and respond to attack.
CISA and MS-ISAC intend for the new ransomware guide to encompass the field’s best practices for handling ransomware all in one place. The agencies explained that while there are many products and resources available for professionals to reference, it’s difficult for to find an all-encompassing source of information.
“The collaborative and consistent engagement with our industry and government partners support our concerted efforts to offer trusted, proactive and timely resources and services,” Bryan Ware, CISA’s assistant director for cybersecurity, said. “This guide is based on operational insight from CISA and MS-ISAC and our engagements with varied sector partners.”
The guide emphasizes that any organization is vulnerable to the possibility of a ransomware attack. By backing up sensitive data, training employees, and patching systems promptly, IT personnel can soften the blow of a successful attack. In the guide, CISA and MS-ISAC walk organizations through how to identify critical data to ensure its properly protected.
Part one of the guide, focused on ransomware prevention, discusses proactive measures that organizations can take to stop malicious actors before an attack can occur. Preventative strategies and services include domain blocking and reporting, regional cybersecurity advisors, and phishing campaign assessments. In part two, CISA and MS-ISAC outline detection and analysis, containment and eradication, and recovery and post-incident strategies for dealing with ransomware. The second part is intended to provide organizations with a methodical and properly managed approach to overcoming the attack.