US CISA releases guidance on how to prevent ransomware data breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks.

Most of the recent ransomware attack resulted in data breaches for the victims, threat actors implemented a double-extortion schema threatening the victims to data stolen before encrypting them on compromised systems.

Over the past several years, government agencies and its partners have responded to a significant number of
ransomware attacks, including recent attacks against Colonial Pipeline and and U.S. software company Kaseya.

The guidance aims at helping government and private sector organizations in preventing such kinds of incidents.

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. This fact sheet provides information for all government and private sector organizations, including critical infrastructure organizations, on preventing and responding to ransomware-caused data breaches.” reads CISA’s guideline. “CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations”

CISA recommends organizations to implement best practices included in its fact sheet to prevent cyber attacks, the list of best practices includes:

Maintain offline, encrypted backups of data and regularly test your backups
Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack vector
Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and implementing user awareness and training programs
Practice good cyber hygiene by using up-to-date anti-malware solutions and application, implementing application allowlisting, ensuring user and privileged accounts are limited, enabling MFA, and implementing cybersecurity best practices

The fact sheet also recommends organizations to protect sensitive data belonging to customers or employees.

In July, the US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET).RRA could be used by organizations to determine their level of exposure to ransomware attacks against their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.