US CISA releases guidance on how to prevent ransomware data breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks.

Most of the recent ransomware attack resulted in data breaches for the victims, threat actors implemented a double-extortion schema threatening the victims to data stolen before encrypting them on compromised systems.

Over the past several years, government agencies and its partners have responded to a significant number of
ransomware attacks, including recent attacks against Colonial Pipeline and and U.S. software company Kaseya.

The guidance aims at helping government and private sector organizations in preventing such kinds of incidents.

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. This fact sheet provides information for all government and private sector organizations, including critical infrastructure organizations, on preventing and responding to ransomware-caused data breaches.” reads CISA’s guideline. “CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations”

CISA recommends organizations to implement best practices included in its fact sheet to prevent cyber attacks, the list of best practices includes:

• Maintain offline, encrypted backups of data and regularly test your backups
• Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
• Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack vector
• Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and implementing user awareness and training programs
• Practice good cyber hygiene by using up-to-date anti-malware solutions and application, implementing application allowlisting, ensuring user and privileged accounts are limited, enabling MFA, and implementing cybersecurity best practices

The fact sheet also recommends organizations to protect sensitive data belonging to customers or employees.

In July, the US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET).RRA could be used by organizations to determine their level of exposure to ransomware attacks against their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]