The Cybersecurity and Infrastructure Security Agency (CISA) is leading a ransomware awareness campaign, Reduce the Risk of Ransomware, with information and resources for organizations and individuals to use. Also, CISA is emphasizing nine smart cyber habits individuals and organizations should implement to avoid falling victim to ransomware.
Why Should You Care?
Consequences of a ransomware attack can be severe, and there is no guarantee a user will recover their data, even if they chose to pay the ransom money. On a personal level, an infection can result in financial damage or disclosure of sensitive information. On an organizational level, ransomware can cause business operation disruptions, financial damage from a payout or costly investigations, and reputational damage causing loss of current or potential customers.
Smart Cyber Habits
During this awareness campaign, CISA emphasizes nine key messages that promote smart cyber behaviors or actions that individuals and organizations should implement to help prevent and mitigate ransomware attacks.
- Keep Calm and Patch On – Patching is essential for preventive maintenance that keeps machines up-to-date, stable, safe, and secure against malware and other cyber threats.
- Backing Up Is Your Best Bet – It is critical to set up offline, encrypted backups of data and to regularly test your backups. The more you automate your backup system, the more frequently you can back up your data.
- Suspect Deceit? Hit Delete. – If an email looks suspicious, do not compromise your personal or professional information by responding or opening attachments. Delete junk email messages without opening them.
- Always Authenticate – Implement multifactor authentication (MFA) to prevent data breaches and cyber-attacks. This includes a strong password and at least one other method of authentication.
- Prepare and Practice Your Plan – Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident.
- Your Data Will Be Fine If It’s Stored Offline – Local backups, stored on hard drives or media, provide a sense of security in case any issues occur. Keep your backup media in a safe and physically remote environment.
- Secure Your Server Message Block (SMB) – SMB vulnerabilities allow their payloads to spread laterally through connected systems like a worm. CISA recommends all IT professionals disable their SMB protocols to prevent ransomware and other malware attacks.
- Paying Ransoms Doesn’t Pay Off – The U.S. government recommends against paying any ransom to cyber-crime organizations or malicious cyber actors. Paying a ransom only funds cybercriminals, and there is no guarantee that you will recover your data if you do pay.
- Ransomware Rebuild and Recovery Recommendations – Identify the systems and accounts involved in the initial data breach and conduct an examination of existing detection or prevention systems. Once the environment is fully cleaned and rebuilt, issue password resets for all affected systems and address any associated vulnerabilities and gaps in security or visibility.
Ransomware has become a significant cyber threat to our nation, claiming victims such as local governments, hospital networks, and most recently K-12 schools. While ransomware incidents are prevalent among government entities and critical infrastructure organizations, individuals are still very much at risk. Malicious actors can target anyone with a device connected to the internet or important data stored on their network. In some cases, personal attacks may be more detrimental considering home users don’t typically have a backup strategy in place.
If you are become a victim of ransomware attack, you should report it to CISA at https://us-cert.cisa.gov/report.