Fact Sheets & Information

Easy-to-use, straightforward information to help organizations and individuals better understand the threats from, and the consequences of, a ransomware attack. 

General Ransomware

  • Ransomware FBI Trifold
    • This pamphlet provides FBI guidance on prevention, business continuity, and remediation.
  • NIST's Tips and Tactics: Preparing Your Organization for Ransomware Attacks
    • This guidance from the National Institute of Standards and Technology (NIST) includes basic practices for protecting against and recovering from ransomware attacks.
  • Ransomware General Security Postcard
    • This postcard explains ransomware and provides ways to prevent and respond.
  • Phishing General Security Postcard
    • This postcard explains phishing and provides signs and tips to prevent attacks.
  • Fact Sheet: Ransomware Threat to OT Assets
    • For critical infrastructure owners and operators of industrial control systems, CISA published a Fact Sheet that provides information on the rising risk of ransomware to ICS and recommended actions to reduce the risk of becoming a victim, as well as the risk of severe business or functional degradation should they fall victim.
  • Ransomware: What It Is & What To Do About It
    • A National Cyber Investigative Joint Task Force (NCIJTF) joint-seal ransomware fact sheet provides the public with important information on the current ransomware threat and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.
  • CISA Insights: Ransomware Outbreak
    • This product lays out three sets of straightforward steps any organization can take to manage their risk. These recommendations are written broadly for all levels within an organization. 
  • Protect Your Center From Ransomware (poster)
    • Public-safety answering points (PSAPs) or emergency call centers can personalize this poster for their organization to guard against the ransomware threat.
  • How to Protect Your Networks from Ransomware
    • Interagency technical guidance document aimed to inform Chief Information Officers and Chief Information Security Officers at critical infrastructure entities, including small, medium, and large organizations. The document provides an aggregate of existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.  

Specific Ransomware Variants

  • Fact Sheet: TrickBot Malware
    • A CISA fact sheet released in conjunction with a joint CISA and FBI alert on the resurgence of TrickBot Malware. The fact sheet provides guidance on implementing specific mitigation measures to protect against this sophisticated malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. Attackers can use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or serve as an Emotet download.
  • Joint Cybersecurity Advisory: Darkside Ransomware
    • Best practices for preventing business disruption from Darkside ransomware attacks.
  • FBI Private Industry Notification: Egregor Ransomware
    • The FBI first observed Egregor ransomware in September 2020. To date, the threat actors behind this ransomware variant claim to have compromised over 150 victims worldwide. 
  • FBI Flash: Mamba Ransomware
    • Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor, an open source full disk encryption software, to restrict victim access by encrypting an entire drive, including the operating system.
  • Ryuk Variant Report
    • Report on the Ryuk Variant.
  • Qbot/Qakbot Malware Report
    • Report on Qbot/Qakbot Malware.

Addressing the Risk of Ransomware to the Healthcare Sector

Addressing the Risk of Ransomware to the Education Sector

  • FBI Flash: Increase in PYSA Ransomware Targeting Education Institutions
    • FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems.
  • FBI Public Service Announcement: Distance Learning
    • The FBI is raising awareness for parents and caregivers of school-age children about potential disruptions to schools and compromises of private information, as cyber actors exploit remote learning vulnerabilities.

Ransomware Investigation and Payments