Press Release

CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide 


Updated guide developed through the Joint Ransomware Task Force provides best practices and resources to help organizations reduce the risk of ransomware incidents   

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools. This publication was produced through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in 2022 to ensure unity of effort in combating the threat of ransomware attacks. 

The #StopRansomware Guide is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The update incorporates lessons learned from the past two years, including recommendations for preventing common initial access techniques, such as compromised credentials/passwords and advanced forms of social engineering; recommendations to address cloud security backups; and threat hunting tips for detection and analysis.

“With our partners on the Joint Ransomware Task Force, CISA is focused on taking every action possible to support individuals and businesses, including ‘target-rich, cyber-poor’ entities like hospitals and K-12 schools, by providing actionable resources and information. We must collectively evolve to a model where ransomware actors are unable to use common tactics and techniques to compromise victims and where ransomware incidents are detected and remediated before harm occurs,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “With our FBI, NSA and MS-ISAC partners, we strongly encourage all organizations to review this guide and implement recommendations to prevent potential ransomware incidents. In order to address the ransomware epidemic, we must reduce the prevalence of ransomware intrusions and reduce their impacts, which include applying lessons learned from ransomware incidents that have affected far too many organizations.” 

"The FBI is committed to sharing information with organizations and the public to assist in shoring up network defenses," said Bryan Vorndran, Assistant Director of the FBI's Cyber Division. "We, along with our partners, strive to identify the common tactics techniques and procedures that ransomware actors deploy and are dedicated to using that information to help combat the ransomware epidemic. While the FBI continues to prevent and disrupt cyber attacks we cannot win the fight against ransomware attacks alone: we urge all organizations to implement these recommendations to ensure stronger resiliency for their networks." 

“Ransomware tactics have become more destructive and impactful,” said Rob Joyce, NSA Director of Cybersecurity. “Malicious cyber actors are not only encrypting files and asking for ransom, they are also exfiltrating data and threatening victims to release it as a form of extortion. Most importantly, the speed of compromise and impact have increased dramatically, requiring even more effort on the part of defenders. These attacks will only continue evolving into more frequent and more sophisticated ransomware attacks. We need to effectively counter this growing threat.” 

“Sharing cybersecurity best practices, in particular those that can help reduce the incidence of ransomware, is important to government organizations at all levels. The Multi-State Information Sharing and Analysis Center (MS-ISAC) is pleased to have been able to participate in the development of this important publication,” said John Gilligan, Center for Internet Security Chief Executive Officer. 

The first part of the guide provides comprehensive, relevant, and proven best practices that organizations should continuously implement to help reduce their risk. This section can guide organizations in identifying their critical data and enable forward-leaning actions to mitigate potential ransomware incidents. Part two provides a step-by-step list of actions along with available services and resources for detection and analysis, containment and eradication, and recovery and post-incident activity. This checklist can guide any victim organization through a methodical, measured, and properly managed incident response approach.

With our industry and interagency partners in the Joint Ransomware Task Force, CISA, FBI, NSA and MS-ISAC are working to reduce the prevalence and impact of ransomware attacks. This includes coordination on efforts such as the Pre-Ransomware Notification Initiative and the Ransomware Vulnerability Warning Pilot which have made important strides in advancing our collective efforts against ransomware threats.

Every organization, government, and business is encouraged to use the #StopRansomware Guide to ensure that appropriate protections and response plans are in place. Implementing the best practices outlined in this guide can help reduce the risk to and impact of a ransomware incident. For more USG information and resources on preventing and responding to ransomware threats, visit


About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit for more information and follow us on TwitterFacebookLinkedIn, Instagram