Program

COVID-19 Federal Assistance e311

Topics

Federal Funding Streams, Fund Planning & Allocation, Program Administration

Funding Source

Infrastructure Investments and Jobs Act

What are short-term and long-term ways to minimize the likelihood of ransomware attacks?

As the frequency and impact of ransomware attacks increase over time, organizations should consider short- and long-term solutions to reduce the risk of ransomware attacks. In addition to complying with local, state, tribal, and federal reporting requirements and statutes related to cyber incidents, organizations should consider the following non-exhaustive good practices for minimizing the impact of ransomware events.

Short-Term:

  • Engage with information sharing organizations like the Multi-State Information Sharing and Analysis Center to support awareness around emerging trends and threat types.
  • Engage with local information sharing organizations, such as regional Fusion Centers.[1]
  • Regularly check for Cybersecurity & Infrastructure Security Agency (“CISA”) alerts and follow available CISA guidance, such as the Ransomware Guide.[2]
  • Create an inventory of cyber assets that identifies relevant security procedures and risks.
  • Regularly update and maintain software security procedures.
  • Implement email security procedures to limit phishing and spoofing attempts, and pair them with staff training on basic cyber hygiene and good practices.
  • Consider the impacts of ransomware events on third-party vendors and work with these entities to identify backups and formalize security procedures.
  • Implement multi-factor authentication on applicable platforms.

Long-Term:

  • Develop a cyber incident response plan to direct coordination during a ransomware incident, or consider developing a ransomware annex to your cyber incident response plan that identifies specific considerations for ransomware events.
  • Using assessments and evaluations, identify training needs for all staff and technical staff to help mitigate the human-caused errors that lead to ransomware attacks.
  • Conduct vulnerability assessments and penetration testing to identify potential access points and necessary hardening measures.
  • Using assessments and evaluations, identify software gaps and create stronger defenses against common types of ransomware.
  • Align your organization with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and use the Ransomware Risk Management Profile[3] to gain an understanding of your organization’s readiness and capability gaps as they relate to ransomware events.

Last Updated: March 3, 2023

 

[1] Department of Homeland Security, Fusion Centers, available at: https://www.dhs.gov/fusion-centers

[2] Cybersecurity & Infrastructure Security Agency, “Ransomware Guide,” available at: https://www.cisa.gov/stopransomware/ransomware-guide

[3] National Institute of Standards and Technology, “Ransomware Risk Management: A Cybersecurity Framework Profile,” available at: https://csrc.nist.gov/publications/detail/nistir/8374/final