#StopRansomware Guide gets updated
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) collaborated to release the #StopRansomware Guide, with updates to the 2020 version that aim to address the increasingly sophisticated cyberattacks occurring nationwide.
“With our partners on the Joint Ransomware Task Force, CISA is focused on taking every action possible to support individuals and businesses, including ‘target-rich, cyber-poor’ entities like hospitals and K-12 schools, by providing actionable resources and information. We must collectively evolve to a model where ransomware actors are unable to use common tactics and techniques to compromise victims and where ransomware incidents are detected and remediated before harm occurs,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, in a statement.
“With our FBI, NSA and MS-ISAC partners, we strongly encourage all organizations to review this guide and implement recommendations to prevent potential ransomware incidents. In order to address the ransomware epidemic, we must reduce the prevalence of ransomware intrusions and reduce their impacts, which include applying lessons learned from ransomware incidents that have affected far too many organizations.”
The updates incorporate recent trends in cyberattacks that take advantage of siloed networks, advanced marketing techniques, and vulnerabilities in third-party vendors like cloud providers.
“Ransomware tactics have become more destructive and impactful,” noted Rob Joyce, NSA Director of Cybersecurity. “Malicious cyber actors are not only encrypting files and asking for ransom, they are also exfiltrating data and threatening victims to release it as a form of extortion. Most importantly, the speed of compromise and impact have increased dramatically, requiring even more effort on the part of defenders. These attacks will only continue evolving into more frequent and more sophisticated ransomware attacks. We need to effectively counter this growing threat.”
Changes to the #StopRansomware Guide
The updated #StopRansomware Guide includes contributions from the FBI and NSA, who are listed as co-authors. Other changes to the #StopRansomware Guide include:
- New infection prevention tactics that address leaked credentials and “advanced forms of social engineering.”
  - Advanced forms of social engineering refer to the manipulation of common marketing tools to mislead people into clicking on or downloading malware or going to malicious websites.
- Revised recommendations that address cloud backup vulnerabilities and zero trust architecture (ZTA).
  - The updates reflect the ongoing evolution of cloud storage solutions and encourage the use of a multi-cloud solution in case the cloud vendor is impacted. The Guide also recommends implementing a ZTA to make access to data and services “as granular as possible.”
- An enhanced ransomware response checklist with better tools for detection and analysis.
  - The checklist additions include special considerations for enterprise and cloud environments and consider emerging threats like the Microsoft Cobalt Strike malware.
- Reference to CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
  - In creating cybersecurity performance goals, organizations should refer to CISA’s outline for best cybersecurity practices.
Unified cyber-protective front
As always, the best cybersecurity plan is prevention, but cybersecurity leaders are emphasizing the need for a unified front against cyberattacks – both within and across organizations.
“The FBI is committed to sharing information with organizations and the public to assist in shoring up network defenses,” shared Bryan Vorndran, Assistant Director of the FBI’s Cyber Division.
“We, along with our partners, strive to identify the common tactics, techniques and procedures that ransomware actors deploy and are dedicated to using that information to help combat the ransomware epidemic. While the FBI continues to prevent and disrupt cyberattacks, we cannot win the fight against ransomware attacks alone: we urge all organizations to implement these recommendations to ensure stronger resiliency for their networks.”