Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
The Cybersecurity and Infrastructure Security Agency (or CISA) exists and is committed to helping U.S. state, local, territorial and tribal (SLTT) governments defend against cyber risk and collaborate to build a more secure cyber future. CISA is not a regulator, and all their work is voluntary. CISA provides incident response services and tools to governments at all levels and helps share resources against ransomware attacks towards organizations.
Phishing simulations & training
What is the motivation for CISA to create resources to reduce ransomware risk?
We should begin by understanding and accepting that there is no such thing as perfect cybersecurity. Every computer system that man has ever developed is vulnerable to a certain extent and thus needs to be secured. CISA understands this and that is why it partnered with Infosec to host a ransomware webinar with Amy Nicewick, the Communications Management Section Chief Cyber Security Division at CISA, and David Stern, the Head of Cyber Security Communications Management Section Chief of Cyber Security.
You can watch the full webinar, CISA Resources to Reduce Ransomware Risk, to learn more about how ransomware attacks work, measures to protect against them and how to respond if you get infected.
What are some of the key messages shared by CISA?
CISA shares some key messages to organizations to help them secure their infrastructure from cyberattacks. These messages are important and must be followed to the letter to ensure that organizations are safeguarded from cyberattacks. These are nuggets that will be discussed some more later on. These key messages from CISA are:
- Keep calm and patch on — Ensure that you are using updated and patched software.
- Backing up is your best bet — Make sure that you take offline backups regularly.
- Suspect deceit? Hit delete — Delete anything that looks suspicious, and you’re unaware of.
- Always authenticate — Always use Two-Factor and Multifactor authentication to all accounts.
- Prepare and practice your plan — Ensure that you have policies and you have them implemented.
What are the most common attack vectors for ransomware?
When ransomware hits an organization, it is mostly delivered through some common attack vectors, as discussed by Amy Nicewick in the webinar. Let us consider some of these attack vectors.
- Phishing — Phishing involves the cybercriminal sending a well-crafted email to the target. Once this email is clicked on, the malicious download begins and could contain the ransomware payload that eventually encrypts the data on the target computer.
- Compromised websites — Cyber Criminals could host ransomware on websites that they control, and once they lead you to these, the ransomware payload can get downloaded and infect the target computer.
- Malvertising — Infected advertisements on websites can infect your computer with ransomware. All it takes is for you to be served with a malicious ad that bypasses the browser’s security mechanisms.
- Exploit kits — Cybercriminals can develop exploits that target certain vulnerabilities affecting systems. When these exploits are run, they cause unauthorized access to the target.
- Downloads — Cybercriminals can infect malicious websites with malware, which, when visited, automatically download malware (in this case ransomware) and infect the target.
What are the CISA ransomware resources that can be used to prevent the attacks above?
CISA provides a ransomware guide that includes recommendations, best practices, recommended incident response policies and procedures, cyber hygiene services and several checklists that organizations can use to protect against or respond to ransomware attacks.
As David Stern states in the webinar, “When you take precaution measures in advance, you interrupt the business model of the adversary. This prevents a ransomware attack that would require you to pay the ransom.” He goes ahead to state, “…raise awareness, empower your employees, because, humans are the weakest link, yet also can be the strongest link once armed with the right knowledge,” He emphasizes the importance of patching software, “…patch software, do not use end of life software, have a plan.”
The ransomware guide is divided into two main sections, Section I and Section II.
Section I: Best practices
This section of the ransomware guide encourages you to consider several important things that we shall briefly discuss.
a) Be prepared
Being prepared requires that you maintain offline and encrypted backups of data and regularly test these backups. You should create, maintain, exercise a basic cyber incident response plan and associated communications plan.
b) Internet-Facing Vulnerabilities and Misconfigurations
You should conduct regular vulnerability scanning and regularly patch and update software and operating systems. Do not use software that has come to its end of life.
You must also ensure that using MFA and 2FA is not optional and must be compulsory.
c) Phishing
You should conduct cybersecurity awareness and training. This equips your employees with the right knowledge on how to browse online. You should also implement DMARC policy and verification and disable macro scripts for Office files transmitted via email.
d) Precursor Malware Infection
You must ensure that you update anti-malware software and signatures. Also, you should use the application directory allowlisting on all assets and implement an IDS.
e) Third Parties and Managed Service Providers (MSPs)
You must consider the risk management and cyber hygiene practices of third parties and MSPs. Attacks coming from MSPs might come as phishing emails or even third-party updates.
Section II: Ransomware response checkbook
This section includes the ransomware response checkbook. Here, we briefly discuss the best responses to ransomware attacks and the tools that can be leveraged to help prevent such attacks. There are some important things to note.
- Paying ransom does not guarantee that your decryption key will be sent to you or that there will not be subsequent attacks.
- You should take a system image and memory capture of a sample of affected devices.
- Research trusted guidance for ransomware variants and examine IDS/IPS and logs.
- Conduct extended analysis to identify persistence mechanisms.
- Rebuild systems based on a prioritization of critical services.
What are some online tools for vulnerability scanning by CISA?
You can have your internet-facing assets scanned by CISA and get weekly reports by emailing CISA at vulnerability_info@cisa.dhs.gov, with the subject line “Request Vulnerability Scanning Services.”
Vulnerabilities being exploited in the wild can be scanned for on your infrastructure, and CISA will be able to immediately reach out to you in case these vulnerabilities are identified.
You can register for web application vulnerability scanning by emailing vulnerability_info@cisa.dhs.gov with the subject line “Request Web App Scanning Services.” You will get monthly and quarterly updates.
You can register for a phishing campaign assessment by emailing vulnerability_info@cisa.dhs.gov with the subject line “Request Phishing Campaign Assessment Service.” You will get monthly and quarterly updates. This campaign takes six weeks.
You can also have some policy assessments to see the maturity of your security policies.
The Cyber Resilience Review is a more detailed interview-based assessment. It evaluates your organization’s operational resilience and cybersecurity practices to provide an organization with a greater awareness of its network posture.
The Cyber Infrastructure Survey is a much simpler and lighter assessment that focuses on assessing an organization’s critical services against cybersecurity controls grouped into five domains.
The malicious Domain Blocking and Reporting service helps prevent IT systems from accessing malicious domains, limiting infections.
To sign up for the MDBR, visit https://www.cisecurity.org/ms-isac/services/mdbr/
See Infosec IQ in action
Utilizing CISA
CISA provides quite a lot of documentation that can be used to effectively prevent cyberattacks and increase the resilience of your IT infrastructure. It should be noted that cybersecurity is hard work and should be taken seriously to avoid losing even more in terms of the initial investment in effort. If not taken seriously, you will lose more effort, money and lost data.
Sources
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
- Top 5 ways ransomware is delivered and deployed
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness