Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
Malicious actors continue to adapt their ransomware tactics over time. Federal agencies remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.
The U.S. Secret Service provides guidance on how and where to report a cyber incident in its Preparing for a Cyber Incident document. Likewise, NIST's Ransomware Protection and Response provides information on response and recovery.
Sector-specific guidance will be provided for all 16 critical infrastructure sectors vital to the Nation. Disabling or destroying these sectors would cause great harm to security, economic welfare, public health, and safety. They include Energy, Food, Healthcare, and Information Technology – some of the sectors targeted in recent high-profile cyber attacks. The current general guidance should be implemented now.
StopRansomware.gov provides guidance and resources from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the United States Secret Service, the Department of Justice's Federal Bureau of Investigation, the U.S. Department of Health and Human Services, the National Institute of Standards and Technology, and the U.S. Department of the Treasury.