As a consumer, you may have noticed an increase in news reports about ransomware attacks on various institutions, such as hospitals, educational systems, and financial institutions. As an application developer, it can be alarming to consider the possibility of your business becoming a target.
However, the Cybersecurity and Infrastructure Security Agency (CISA) provides valuable guidance and resources to help organizations protect themselves and the public against ransomware attacks, which are on the rise worldwide.
In this article, we will review CISA’s Stop Ransomware campaign and the resources available for you to protect and recover from a ransomware attack.
What is CISA’s #StopRansomware Campaign?
#StopRansomware is a global awareness campaign launched in 2020 by the Cybersecurity and Infrastructure Security Agency (CISA) to help organizations protect themselves from ransomware attacks.
“Over the past year, the Joint Ransomware Task Force has brought together expertise, capabilities, and resources across the federal government and our partners to more effectively understand and address ransomware campaigns targeting American organizations,” said Eric Goldstein, executive assistant director for CISA.
The campaign provides organizations and groups with resources and guidance on preventing, detecting, responding to, and recovering from ransomware attacks.
CISA’s #StopRansomware Campaign Resources
The #StopRansomware campaign provides resources to help organizations protect themselves from ransomware attacks.
These resources are created in conjunction with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the United States Secret Service, the Department of Justice's Federal Bureau of Investigation, the U.S. Department of Health and Human Services, the National Institute of Standards and Technology, and the U.S. Department of Treasury.
These resources include:
- Prevention - Guidance on implementing security controls to prevent ransomware attacks. Implement security controls like strong passwords, multi-factor authentication, and network segmentation. Keep your software updated, as updates often include security patches that can protect your systems from known vulnerabilities.
- Detection - Guidance on how to detect ransomware attacks. Monitor for unusual network activity and suspicious emails to detect ransomware attacks. Be careful what you click on, and avoid opening emails from unknown senders or clicking on links in emails that you're not sure about.
- Response - Guidance on how to respond to ransomware attacks. Have a plan for responding to a ransomware attack, including backing up data and communicating with affected employees. Follow the plan and take the necessary steps to restore systems.
- Recovery - Guidance on how to recover from ransomware attacks. Regularly back up your data to help recover it if it is encrypted by ransomware. In case of an attack, focus on restoring backed-up data and rebuilding systems as needed.
In addition to the #StopRansomware campaign, CISA also offers a number of other resources to help organizations protect themselves from ransomware attacks.
These resources include:
- The Ransomware Guide: This guide provides organizations with best practices for preventing, detecting, responding to, and recovering from ransomware attacks.
- The Ransomware Readiness Self-Assessment: This assessment helps organizations to assess their ransomware readiness and identify areas where they can improve their security posture.
- CISA Scanning and Testing Services: To help organizations assess, identify, and reduce their exposure to threats, including ransomware.
- Internet Crime Complaint Center: Reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.
How Secure Coding Training Can Help Stop Ransomware
In conjunction with their resources, CISA recommends training for federal employees, private-sector cybersecurity professionals, critical infrastructure operators, educational partners, and the general public.
CISA emphasizes the importance of secure coding training to help prevent ransomware attacks. Secure coding training programs teach technical and non-technical users to recognize common security threats.
Security Journey offers a Level One learning path to cover foundational vocabulary and awareness of common vulnerabilities for developers and non-developers to ensure all of your teams are aligned and aware of common ransomware vulnerabilities.
2023 CISA #StopRansomware Guidance Updates
On May 23, 2023, CISA and the partner organizations published updated guidance to their #StopRansomware campaign.
- Updated recommendations for preventing common initial infection vectors, including compromised credentials and advanced forms of social engineering
- Updated recommendations to address cloud backups and zero trust architecture (ZTA)
- Expanded the Ransomware Response Checklist with threat-hunting tips for detection and analysis
Read More: #StopRansomware Guide
The #StopRansomware campaign is a valuable resource for organizations of all sizes. By following the guidance provided by the campaign, organizations can help to protect themselves from ransomware attacks and mitigate the damage caused by these attacks.