The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a cybersecurity advisory today to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk from ransomware and other cyber attacks, specifically leading up to holidays and weekends. This advisory is based on observations of the timing of previous high-impact ransomware attacks rather than being a reaction to specific threat reporting.
In the advisory, CISA and the FBI outline network defense practices that organizations can adopt to manage the risk posed by all cyber threats, including ransomware. One recommended action is for organizations with the necessary capabilities to engage in preemptive threat hunting on their networks to search for signs of threat actors. For organizations unfamiliar with this best practice, the advisory provides the basic elements of threat hunting and explains the benefits of a proactive strategy. The advisory also contains recommendations for fundamental best practices that all organizations should adopt, including implementing multi-factor authentication for remote access and administrative accounts.
“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat.”
In addition to a current threat overview of recent holiday targeting and trends of common ransomware variants used in attacks, the advisory notes that paying a ransom to criminal actors does not guarantee data will be recovered – organizations should not pay the ransom. Regardless of whether a company pays a ransom, it is important that the incident be reported to CISA or a local FBI field office. For the cybersecurity community, one of the best ways to prevent future ransomware attacks and hold these criminals accountable is for cyberattack victims to report them. The advisory lists specific forensic artifacts that are especially helpful in identifying the perpetrators and protecting others.