Easy-to-use, straightforward information to help organizations and individuals better understand the threats from, and the consequences of, a ransomware attack.
- Ransomware Vulnerability Warning Pilot Program
- On January 30, 2023, CISA established a pilot that identifies vulnerabilities commonly associated with known ransomware exploitation and warns critical infrastructure entities of those vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.
- Ransomware FBI Trifold
- This pamphlet provides FBI guidance on prevention, business continuity, and remediation.
- NIST's Tips and Tactics: Preparing Your Organization for Ransomware Attacks
- This guidance from the National Institute of Standards and Technology (NIST) includes basic practices for protecting against and recovering from ransomware attacks.
- Ransomware General Security Postcard
- This postcard explains ransomware and provides ways to prevent and respond.
- Phishing General Security Postcard
- This postcard explains phishing and provides signs and tips to prevent attacks.
- Ransomware: What It Is & What To Do About It
- A National Cyber Investigative Joint Task Force (NCIJTF) joint-seal ransomware fact sheet provides the public important information on the current ransomware threat and the government’s response, as well common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.
- CISA Insights: Ransomware Outbreak
- This product lays out three sets of straightforward steps any organization can take to manage their risk. These recommendations are written broadly for all levels within an organization.
- Protect Your Center From Ransomware (poster)
- Public-safety answering points (PSAPs) or emergency call centers can personalize this poster for their organization to guard against the ransomware threat.
- How to Protect Your Networks from Ransomware
- Interagency technical guidance document aimed to inform Chief Information Officers and Chief Information Security Officers at critical infrastructure entities, including small, medium, and large organizations. The document provides an aggregate of existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.
Specific Ransomware Variants
- Fact Sheet: TrickBot Malware
- A CISA fact sheet released in conjunction with a joint CISA and FBI alert on the resurgence of TrickBot Malware. The fact sheet provides guidance on implementing specific mitigation measures to protect against this sophisticated malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. Attackers can use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or serve as an Emotet download.
- Joint Cybersecurity Advisory: Darkside Ransomware
- Best practices for preventing business disruption from Darkside ransomware attacks.
- FBI Private Industry Notification: Egregor Ransomware
- The FBI first observed Egregor ransomware in September 2020. To date, the threat actors behind this ransomware variant claim to have compromised over 150 victims worldwide.
- FBI Flash: Mamba Ransomware
- Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor—an open source full disk encryption software— to restrict victim access by encrypting an entire drive, including the operating system.
- Ryuk Variant Report
- Report on the Ryuk Variant.
- Qbot/Qakbot Malware Report
- Report on Qbot/Qakbot Malware.
Addressing the Risk of Ransomware to the Healthcare Sector
- For information about ransomware and healthcare, visit the Healthcare and Public Health Sector page.
Addressing the Risk of Ransomware to the Education Sector
- FBI Flash: Increase in PYSA Ransomware Targeting Education Institutions
- FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems.
- FBI Public Service Announcement: Distance Learning
- The FBI is raising awareness for parents and caregivers of school-age children about potential disruptions to schools and compromises of private information, as cyber actors exploit remote learning vulnerabilities.
Addressing the Risk of Ransomware to Next Generation 911
A critical component of emergency communications are 911 centers–to include emergency communication centers (ECC), public safety answering points (PSAP), public safety communication centers (PSCC), emergency operations centers (EOC), and other public safety command centers.
Ransomware Investigation and Payments
- Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments
- This advisory alerts financial institutions to predominant trends, typologies, and potential indicators of ransomware and associated money laundering activities.
- FBI Cyber Investigative Response Key Considerations
- Key considerations from the FBI on conducting an investigation.
- Cyber Investigation Prep - General Audience (Handout)
- Preparation includes developing an incident response plan, and is key to an effective response that minimizes harm and expedites recovery. One way to accomplish that is to establish a point of contact with your local FBI field office. This document contains information about working with your local FBI office.
- Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
- This U.S. Department of the Treasury’s Office of Foreign Assets Control highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.
Protecting Sensitive and Personal Information From Ransomware-Caused Data Breach
CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom.