CISA Updates #StopRansomware Guide
To add perspective, stay relevant, and boost effectiveness, the Cybersecurity and Infrastructure Security Agency (CISA) recently updated their #StopRansomware Guide.
The guide was originally developed through the Joint Ransomware Task Force (JRTF) in 2020. It resulted from the combined efforts of CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). Today, the JRTF continues to be an interagency body and includes contributions from the NSA and FBI as well.
Subject matter experts from these four federal organizations work together to combat the threat of ransomware. Their scope is not limited to the federal level, but also includes state, local, tribal, and territorial sectors. They collaborate with private and critical infrastructure sectors, as well as the international cybersecurity community, as needed.
With malicious actors constantly adjusting and adapting their tactics and techniques, revisions to the guide were necessary to keep up with the evolving cybersecurity landscape. Before we go over CISA’s updates to the #StopRansomware Guide, let’s briefly review what ransomware is.
What is Ransomware?
Ransomware is an ever-changing type of malicious software, or malware, that encrypts files on a device, making them unusable. Threat actors then hold the data hostage until the ransom is paid. There is no guarantee that the victim’s files will be decrypted if the attacker’s demands are met. If payment is not sent, a cybercriminal will often pressure the target by threatening to leak, sell, or destroy the stolen data. This “double extortion” tactic, encryption combined with the threat of exposing a victim’s data, makes this cyber-attack especially dangerous for organizations across all industries.
Ready to learn about the additions to the #StopRansomware Guide? Let’s go through each item below.
Updated CISA Guidance
- Limit the use of RDP and other remote desktop services: If reaching a network through remote access is necessary, make sure best practices are in place. Cyberattackers typically gain initial access to a network through this method, then move through it using Windows’ Remote Desktop client. Cybercriminals may also take advantage of virtual private networks or use compromised credentials to hack into a network.
- Implement phishing-resistant multi-factor authentication (MFA) for all services: If you haven’t already rolled out MFA for accounts that access vital systems, please reach out to us! This includes email and virtual private network (VPN) logins. It’s important to identify systems that don’t allow or enforce MFA, and any users who aren’t enrolled with it.
- Consider passwordless MFA: This type of MFA replaces passwords with two or more authentication factors. These could be a PIN, a fingerprint, facial recognition, or a security key.
- Consider subscribing to services that dig through the dark web for compromised credentials and other sensitive information: Some monitoring services include DarkOwl, Mozilla, Webhose, and Have I Been Pwned.
- Create policies to include cybersecurity awareness training: Providing information about advanced forms of social engineering to staff who have access to your network is crucial. Trainings should include tips on how to recognize fake websites and search results, as well as phishing and spam emails. To keep teams informed and on the lookout, be sure to repeat security awareness trainings regularly.
- Consider a multi-cloud solution: In the event that accounts under the same vendor are impacted (e.g. services go down with Microsoft, Google, etc.), having cloud-to-cloud backups helps to avoid vendor lock-in and keep your data available.
- Implement a zero-trust architecture (ZTA) to prevent unauthorized access to data and services: In simpler terms, enforce access control as much as possible. ZTA assumes the network is already compromised and grants only the lowest privilege level needed. Grant higher permissions only to administrative technology staff to prevent unauthorized access to integral systems and services.
- Employ logical and physical means of network segmentation by implementing ZTA: Keeping IT and operational technology separate is just as important as keeping business units or departmental IT resources apart from one another.
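The first item above, limiting RDP and making sure best practices are in place where remote access is still needed, is easier to act on with a concrete host check. The following PowerShell audit script is an added example for this post; it is not from the CISA guide and is not Orange County Computer / OC Cloud9 tooling. It assumes it is run from an elevated prompt on the Windows host being audited, on Windows 8 / Server 2012 or later (so the NetSecurity cmdlets are available), and the $ManagementSubnets value is a constructed placeholder that should be replaced with the jump-host or VPN ranges that are actually permitted to reach RDP. It reports whether RDP is enabled, whether Network Level Authentication and the TLS security layer are required, whether the inbound firewall rules are scoped to those subnets instead of open to any address, and whether anything is listening on the default port.

```powershell
# Added example (not CISA's or the vendor's code): audit a Windows host's RDP exposure.
# Assumes: elevated prompt on the host being audited, Windows 8 / Server 2012 or later.
# $ManagementSubnets is a constructed placeholder; replace it with your real jump-host / VPN ranges.
$ManagementSubnets = @('10.0.50.0/24')

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Status, $Detail) {
    $findings.Add([PSCustomObject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means remote connections are denied.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($deny -eq 1) {
    Add-Finding 'RDP enabled' 'PASS' 'Remote Desktop connections are disabled on this host.'
} else {
    Add-Finding 'RDP enabled' 'REVIEW' 'Remote Desktop is enabled; confirm this host actually needs it.'
}

# 2. Network Level Authentication: UserAuthentication = 1 requires the client to authenticate
#    before a session is created, so unauthenticated clients never reach the logon screen.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
if ($nla -eq 1) { Add-Finding 'NLA required' 'PASS' 'UserAuthentication = 1' }
else            { Add-Finding 'NLA required' 'FAIL' "UserAuthentication = $nla (expected 1)" }

# 3. Security layer: 2 = TLS required, 1 = negotiate, 0 = legacy RDP security layer.
$layer = (Get-ItemProperty -Path $rdpKey -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
if ($layer -eq 2) { Add-Finding 'TLS security layer' 'PASS' 'SecurityLayer = 2' }
else              { Add-Finding 'TLS security layer' 'FAIL' "SecurityLayer = $layer (expected 2)" }

# 4. Windows Firewall: for each enabled inbound Remote Desktop rule, is the remote address
#    scope limited to the management subnets, or is it open to 'Any'?
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue
foreach ($rule in $rules) {
    if ($rule.Enabled -ne 'True') { continue }
    $remote = @((Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule).RemoteAddress)
    # Exact string comparison only: a broader range that merely contains a management subnet
    # is still reported as open, which is the conservative result for an audit.
    $unexpected = @($remote | Where-Object { $_ -notin $ManagementSubnets })
    if (($remote -contains 'Any') -or ($unexpected.Count -gt 0)) {
        Add-Finding "Firewall scope: $($rule.DisplayName)" 'FAIL' "Remote addresses: $($remote -join ', ') (expected only $($ManagementSubnets -join ', '))"
    } else {
        Add-Finding "Firewall scope: $($rule.DisplayName)" 'PASS' "Scoped to $($remote -join ', ')"
    }
}

# 5. Is anything listening on the default RDP port? A changed port is not a security control,
#    so this is reported for review rather than as a pass/fail item.
$listen = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
$status = if ($listen.Count -gt 0) { 'REVIEW' } else { 'PASS' }
Add-Finding 'Port 3389 listening' $status "$($listen.Count) listener(s)"

$findings | Format-Table -AutoSize
```

Run it on each host that exposes RDP and keep the output with the change ticket; any FAIL line is a concrete item to fix before the host is allowed to accept remote sessions. The script only reads configuration and changes nothing, so it is safe to run repeatedly, for example as a scheduled compliance check.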
The full #StopRansomware Guide, with further details on how to protect yourself, can be accessed here.
Let us help you roll out some of CISA’s suggested preventative measures!
Here at Orange County Computer / OC Cloud9, we proactively protect our client data by staying one step or more ahead of potential cyberattacks. Let’s protect you against potential ransomware and other cyberthreats! Our team is passionate about data security and protection and has a proven track record of happy customers with smooth transitions into private cloud solutions. Our beginning-to-end process ensures your business needs are met through extensive research, design, and implementation of our cloud services.
Call us today and ask us how we can help you implement any of the above additions from CISA’s #StopRansomware Guide. Learn more about our solutions by visiting our website or speak with a member of our Cloud Solutions Team any time at our Orange County office by calling (949) 522-7709. Contact us today!