The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidelines for dealing with ransomware, noting that paying ransom is not recommended. “Paying ransom will not ensure your data is decrypted, that your systems or data will no longer be compromised, or that your data will not be leaked,” the authors state.
The #StopRansomware Guide is a “one-stop resource to help organizations reduce the risk of ransomware incidents.” It offers step-by-step ways to address potential attacks and includes two main resources:
- Ransomware and Data Extortion Prevention Best Practices
- Ransomware and Data Extortion Response Checklist
For example, the response checklist outlines 21 specific steps to follow in case of attack, including:
- Determine which systems were impacted and immediately isolate them.
- Power down devices if you are unable to disconnect them from the network to avoid further spread of the ransomware infection.
- Triage impacted systems for restoration and recovery.
- Examine detection or prevention systems and logs.
- Initiate threat hunting activities.
- Notify stakeholders as determined by organizational procedures.
- Consult federal law enforcement regarding possible decryptors.
- Contain associated systems that may be used for further unauthorized access.
Download the #StopRansomware Guide for comprehensive recommendations and additional resources.
See also:
Attack and Defense Techniques to Secure Your Systems
Free Cybersecurity Resources for Protecting Your Organization
Understanding Threat Intelligence for Infrastructure Security
What Does Zero Trust Mean?
Looking for a job?
Sign up for job alerts and check out the latest listings at Open Source JobHub.
Comments