NIST (National Institute of Standards and Technology) recently issued a draft framework for ransomware risk management based on the five main principles of cybersecurity (identify, protect, detect, respond, and recover). We’ll discuss the steps outlined by the Information Technology Laboratory at NIST in order to help organizations protect themselves. A bipartisan push has established new cybersecurity protocols at the highest levels of government and at organizations that are deemed critical to infrastructure. Additionally, state governments are working to make it illegal to provide payment to cyber actors who hold data for ransom in the event of a ransomware attack.
What is ransomware?
Ransomware is a type of malware. As the name suggests, attackers encrypt a victim's data and demand payment as a condition for restoring access. These attacks began back in 1989 and the first known attack targeted the healthcare industry. Unfortunately, because it stores protected health information (PHI), healthcare remains one of the most prominent targets for cyber actors.
How does ransomware get on a system?
The most common means of ransomware infecting a system is through an email attachment. Some attachments may seem harmless to an email recipient but they are actually infected with scripts that execute when opened. The most common and hazardous type of attachment to infect a system is an executable file (.exe) which, when launched, runs a small computer program.
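A defensive check for the attachment vector described above, as an added example (not code from NIST or Paubox): it parses a raw email and flags attachments that are Windows executables, either by content or by file extension. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def flag_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that looks executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # message body, not an attachment
        name = name or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if data[:2] == b"MZ":
            # Windows PE files start with "MZ" whatever the name or MIME type says.
            findings.append((name, "PE header (MZ) in content"))
        elif ext in RISKY_EXT:
            findings.append((name, f"risky extension {ext}"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one benign attachment and three suspicious ones."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    stub = b"MZ\x90\x00 constructed stub, not a real program"
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(stub, maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    m.add_attachment(stub, maintype="application",
                     subtype="pdf", filename="statement.pdf")  # renamed executable
    m.add_attachment(b"// constructed script", maintype="application",
                     subtype="octet-stream", filename="run.js")
    return m.as_bytes()

if __name__ == "__main__":
    for filename, reason in flag_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

Checking the first bytes as well as the name catches an executable that has been renamed to look like a document, which an extension-only filter would let through.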
Steps to mitigate ransomware risk
In cybersecurity as in health, an ounce of prevention is worth a pound of cure. For this reason, the steps NIST outlines help organizations strengthen their resilience against potential attacks.
- Use antivirus software
- Rigorously schedule patches and updates
- Segment networks
- Monitor for indicators of a compromise or an active attack
- Use cybersecurity products that block access to potentially compromised servers, IP addresses, ports or protocols
- Whitelist authorized applications
- Establish processes for removing unauthorized applications
- Limit the use of accounts with administrative-level access
- Do not allow personal devices on work networks
- Do not allow personal applications to be used on work computers
- Provide annual cybersecurity training to employees and vendors
- Manage credentials and verify often that users have the appropriate level of access
Guidance for recovering from a ransomware attack
The following steps outlined by NIST address what to do in the event of a future attack. Since recovery is a multi-step, strategic process, it’s important to keep your business continuity plan as up-to-date as possible.
- Develop an incident recovery plan with strategies
- Identify recovery prioritization
- Implement incident recovery with stakeholders
- Plan, implement, and test a restoration strategy
- Plan, implement, and test data backup and isolation
- Maintain a list of both internal and external contacts in the event of an attack
What can you do to prevent ransomware?
NIST's guideline proposes that organizations factor potential ransomware events into their risk management governance. It’s also critical to establish policies, inventory assets, communicate responsibilities and policies to personnel, create contingency plans, create an incident response plan, allow for cyber threat intelligence, and monitor personnel activity.
How Paubox can help
Paubox Email Suite Plus includes inbound email security features that scan attachments for viruses and other threats, such as ransomware. This goes hand in hand with the NIST recommendation to utilize services and products that protect against events. ExecProtect provides patented protection against display name spoofing, and Zero Trust Email leverages proprietary email AI to add a security check on every email before it is delivered. It also enables you and your team to send HIPAA-compliant email that lands directly in your recipients’ inboxes.