NSA releases #StopRansomware guide
To guide network defenders in protecting against the rapidly evolving ransomware tactics of malicious cyber actors, the National Security Agency (NSA) and several partners publicly released the “#StopRansomware Guide” Cybersecurity Information Sheet (CSI) on May 23.
“Ransomware tactics have become more destructive and impactful,” said Rob Joyce, NSA director of cybersecurity. “Malicious cyber actors are not only encrypting files and asking for ransom, they are also exfiltrating data and threatening victims to release it as a form of extortion. Most importantly, the speed of compromise and impact have increased dramatically, requiring even more effort on the part of defenders.”
Originally released in 2020 by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC), the guidance was updated to include additional best practices and recommendations based on operational insight from CISA, MS-ISAC, NSA, and the Federal Bureau of Investigation (FBI).
Additional guidance includes recommendations for preventing common initial infection vectors, cloud backups, and Zero Trust Architecture (ZTA). These recommended practices align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CSI also expands the ransomware response checklist to include threat hunting tips for detection and analysis.
This report is part of the #StopRansomware effort initiated by CISA. Relatedly, in February 2023, NSA and several partners teamed up with the South Korean government to highlight malicious cyber actors’ use of ransomware to target critical infrastructure.
“These attacks will only continue evolving into more frequent and more sophisticated ransomware attacks,” Joyce said. “We need to effectively counter this growing threat.”
In the CSI, the agencies advise that organizations implement best practices to better prepare and protect their facilities, personnel, and customers from cybersecurity threats. Additionally, the CSI includes no-cost resources offered by CISA and MS-ISAC to help counter ransomware threats.
Like IC News? Then please consider subscribing. You’ll get full access to our searchable library of 10,000+ articles, plus new articles each weekday.