Steps to Safeguard Against Ransomware Attacks

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Steps to Safeguard Against Ransomware Attacks [ 
https://www.us-cert.gov/ncas/current-activity/2019/07/30/steps-safeguard-against-ransomware-attacks ] 07/30/2019 12:43 
PM EDT 
Original release date: July 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing & Analysis Center 
(MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers 
(NASCIO) have released a Joint Ransomware Statement [ 
https://www.us-cert.gov/sites/default/files/2019-07/Ransomware_Statement_S508C.pdf ] with recommendations for state and 
local governments to build resilience against ransomware [ https://www.us-cert.gov/Ransomware ]:


  * *Back up systemsnow (and daily).* Immediately and regularly back up all critical agency and system configuration 
information on a separate device and store the backups offline, verifying their integrity and restoration process. If 
recovering after an attack, restore a stronger system than the one lost, fully patched and updated to the latest 
version. 
  * *Reinforce basic cybersecurity awareness and education.* Ransomware attacks often require the human element to 
succeed. Refresh employee training on recognizing cyber threats, phishing, and suspicious linksthe most common vectors 
for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which 
should include out-of-band communication paths. 
  * *Revisit and refine cyber incident response plans.* Have a clear plan to address attacks when they occur, including 
when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external 
cyber first responders, such as state agencies, CISA, and MS-ISAC, in the event of an attack. 

CISA encourages organizations to review the Joint Ransomware Statement [ 
https://www.us-cert.gov/sites/default/files/2019-07/Ransomware_Statement_S508C.pdf ] and the following ransomware 
guidance:


  * MS-ISAC Security Primer on Ransomware [ https://www.cisecurity.org/white-papers/ms-isac-security-primer-ransomware/ 
] 
  * CISA Tip Sheet on Ransomware [ https://www.us-cert.gov/Ransomware ] 
  * NGA Disruption Response Planning Memo [ https://www.nga.org/wp-content/uploads/2019/04/IssueBrief_MG.pdf ] 
  * NASCIO Cyber Disruption Planning Guide [ 
https://www.nascio.org/Portals/0/Publications/Documents/2016/NASCIO_CyberDisruption_072016.pdf ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]