The U.S. Joint Ransomware Task Force (JRTF), co-chaired by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), has released a new resource designed to reduce the risk of ransomware incidents. The document includes best practices to prevent and respond to attacks, as well as step-by-step approaches.
What happened
Initially released in 2020, the JRTF has revised its ransomware guide this month to better address current concerns and trends in the U.S.
The guidance follows an overall increase in ransomware attacks that have been charted on a monthly and, in one study, yearly basis. Healthcare organizations, in particular, are seeing a rise in attacks.
Read more: The NCC Group releases data on March ransomware attacks
The guidance from JRTF includes a highly comprehensive list of ways to prevent and prepare for various ransomware attacks and a detailed checklist of how organizations should react to a ransomware attack.
Why it matters
The JRTF believes that ransomware attacks have increased in severity, with actors using a tactic titled “double extortion.” In these cases, very sensitive data is stolen, and victims are threatened with release if they fail to pay the ransom.
The organization suggests that these data breaches have both economic impacts and procedural ones; organizations spend time and money attempting to retrieve or function without data, and processes, especially for healthcare organizations, may be slowed with a severe impact on patients.
Read more: Report shows increasing ransomware and lawsuits for pixel use
Going deeper
In Part 1 of the guide, the JRTF explains best practices to prevent, prepare, and mitigate.
To prepare for attacks, they suggest:
- Maintaining offline, encrypted backups of all critical data,
- Create and maintain a cyber incident response plan, and
- Implement an architecture to prevent unauthorized access.
They provide step-by-step processes depending on the initial access vector to prevent and mitigate ransomware attacks. They have information for the following vectors:
- Internet-facing vulnerabilities and misconfigurations
- Compromised credentials
- Phishing
- Precursor malware infection
- Advanced forms of social engineering
- Third parties and managed service providers
This section also included a general list of best practices, including employing logical or physical means of segmenting work, creating diagrams that describe data and data flow, and more.
In Part 2 of the guide, the JRTF provides a response checklist, beginning with the detection and analysis to determine the cause and steps moving forward. After analysis, the guideline outlines the process of reporting the attack, containing and eradicating it, and steps to recover and learn from the incident.
The bottom line
The #StopRansomware Guide is a comprehensive and government-wide effort to outline best practices for preparing and responding to a ransomware attack.
As healthcare industries continue to face ransomware attacks, security teams must be on top of evolving trends and strategies.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
