The US Cybersecurity and Infrastructure Security Agency (CISA) has released a fact sheet to help organizations prevent data breaches caused by ransomware gangs that use double extortion tactics, in which the attackers steal data before encrypting systems and then threaten to publish it unless paid.
The fact sheet also includes best practices for mitigating the risk of ransomware attacks and data exfiltration.
CISA’s ransomware data breach guidance is part of an ongoing effort to fend off the escalating ransomware threat. These recommendations followed an almost continuous avalanche of ransomware attacks targeting the US public and private sectors in recent years.
Ransomware is a serious threat to organizations, especially those that operate critical infrastructure, CISA said. “All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems.”
The fact sheet outlines steps that organizations can take both to reduce the likelihood of a ransomware attack and to improve their response when one occurs.
To prevent ransomware attacks, CISA advises:
- Maintaining offline, encrypted backups of data
- Creating, maintaining, and exercising a basic cyber incident response and resiliency plan
- Mitigating internet-facing vulnerabilities and misconfigurations to reduce the attack surface
- Enabling strong spam filters and implementing user awareness and training programs
- Practicing good cyber hygiene (use up-to-date anti-malware solutions and application allowlisting, enable MFA)
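Two of the items above, keeping backups and exercising the response plan, only pay off if a restore is actually rehearsed: a backup that ransomware could reach and encrypt, or one whose files were silently corrupted, is discovered far too late during an incident. The script below is an added example (not CISA's code and not from the fact sheet) of such a rehearsal: it archives a directory, records a SHA-256 manifest, restores the archive into a clean location, and checks every file against the manifest. It then overwrites the archive with random bytes, the way an online backup looks after ransomware has reached it, and shows the check failing. The directory layout and file contents are constructed for the demo, and encrypting the archive at rest before it goes offline (for example with gpg or age) is assumed to happen outside the script.

```python
"""Rehearse a backup restore: archive a tree, record SHA-256 hashes, restore
into a clean directory and verify every file.  Added example, not CISA's code.
The sample files below are constructed for the demo; at-rest encryption of the
archive (gpg/age) is assumed to be a separate step before the copy goes offline."""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict:
    """Tar+gzip the source tree; return {relative path: sha256} for every regular file.
    Keep the manifest somewhere the backup itself cannot overwrite it."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(str(p), arcname=rel)
    return manifest


def verify_restore(archive: Path, manifest: dict, dest: Path) -> list:
    """Restore the archive into dest and return a list of problems found:
    an unreadable archive, members that would escape dest, missing files,
    or files whose hash no longer matches the manifest.  Empty list = clean."""
    problems = []
    root = dest.resolve()
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for m in tar.getmembers():
                target = (root / m.name).resolve()
                # Only regular files, and only inside dest (blocks ../ traversal and links).
                if not m.isfile() or not str(target).startswith(str(root) + os.sep):
                    problems.append(f"refused suspicious member: {m.name}")
                    continue
                tar.extract(m, path=dest)
    except (tarfile.TarError, OSError) as e:
        # Random bytes or a ransomware-encrypted archive end up here.
        return [f"archive unreadable: {e}"]
    for rel, digest in manifest.items():
        p = dest / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"hash mismatch: {rel}")
    return problems


def exercise_backup_demo() -> tuple:
    """Full cycle in a temp dir: backup, restore+verify (expect no problems),
    then clobber the archive as ransomware would and verify again (expect failure)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "src"                       # constructed sample data
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,email\n1,a@example.com\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")

        archive = tmp / "backup.tar.gz"
        manifest = make_backup(src, archive)
        clean = verify_restore(archive, manifest, tmp / "restore_clean")

        # Simulate an online backup that ransomware reached and encrypted in place.
        archive.write_bytes(os.urandom(archive.stat().st_size))
        tampered = verify_restore(archive, manifest, tmp / "restore_tampered")
        return clean, tampered


if __name__ == "__main__":
    ok, bad = exercise_backup_demo()
    print("clean restore problems:", ok)
    print("tampered restore problems:", bad)
```

In practice the manifest (or a signed copy of it) should live with the offline copy, not on the host that was backed up, and the restore rehearsal belongs in the incident response exercise schedule rather than being run once at setup.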
To prevent ransomware gangs from accessing sensitive or personal customer and employee information, CISA advises:
- Avoiding storing sensitive data on internet-exposed devices, encrypting sensitive information at rest and in transit, and using firewalls and network segmentation to limit where an intruder can move
Additional info on how to defend against and respond to ransomware attacks is available in the fact sheet and on CISA’s recently launched StopRansomware.gov web portal.