Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
Malicious actors continue to adapt their ransomware tactics over time. Federal agencies remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.
The U.S. Secret Service provides guidance on how and where to report a cyber incident in its Preparing for a Cyber Incident document. Likewise, NIST's Ransomware Protection and Response provides information on response and recovery.
The CSBS Bankers Electronic Crimes Taskforce (BECTF), State Bank Regulators and the United States Secret Service developed the Ransomware Self-Assessment Tool for banks and nonbanks, which has 16 questions designed to help financial institutions reduce the risks of ransomware.
Another resource is the Blueprint for Ransomware Defense. This action plan for ransomware mitigation, response, and recovery, written for small- and medium-sized enterprises, is based on the CIS Controls, a set of well-regarded and widely used best practices that help enterprises focus their resources on the critical actions needed to defend against the most common cyber attacks.
Sector-specific guidance will be provided for all 16 critical infrastructure sectors vital to the Nation. Disabling or destroying the 16 critical infrastructure sectors would cause great harm to security, economic welfare, public health, and safety. They include Energy, Food, Healthcare, and Information Technology – some of the sectors targeted in recent high-profile cyber attacks. The current general guidance should be implemented now.
Stopransomware.gov provides guidance and resources from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the United States Secret Service, the Department of Justice's Federal Bureau of Investigation, the U.S. Department of Health and Human Services, the National Institute of Standards and Technology, and the U.S. Department of the Treasury.