The Cybersecurity and Infrastructure Security Agency (CISA) is leading a ransomware awareness campaign, Reduce the Risk of Ransomware, with information and resources for organizations and individuals to use. Also, CISA is emphasizing nine smart cyber habits individuals and organizations should implement to avoid falling victim to ransomware.
WHAT IS RANSOMWARE
Ransomware is a type of malicious software, or malware, designed to infect computers and encrypt files until a sum of money or other form of ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible devices.
Malicious cyber actors commonly distribute ransomware through phishing emails or “drive-by downloads.” Phishing emails are messages that appear to be from a legitimate organization or a contact familiar to the victim, which can entice the user to click on a corrupt link or open an infected attachment. A “drive-by download” is a program that automatically downloads from the internet without the user’s consent and often without their knowledge. It is possible the corrupt code may run after download, without user interaction. After the code has run, the computer becomes infected with ransomware.
SMART CYBER HABITS
During this awareness campaign, CISA emphasizes nine key messages that promote smart cyber behaviors or actions that individuals and organizations should implement to help prevent and mitigate ransomware attacks.
Original Document HERE
- Keep Calm and Patch On – Patching is essential for preventive maintenance that keeps machines up-to-date, stable, safe, and secure against malware and other cyber threats.
- Backing Up Is Your Best Bet – It is critical to set up offline, encrypted backups of data and to regularly test your backups. The more you automate your backup system, the more frequently you can back up your data.
- Suspect Deceit? Hit Delete. – If an email looks suspicious, do not compromise your personal or professional information by responding or opening attachments. Delete junk email messages without opening them.
- Always Authenticate – Implement multifactor authentication (MFA) to prevent data breaches and cyber-attacks. This includes a strong password and at least one other method of authentication.
- Prepare and Practice Your Plan – Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident.
- Your Data Will Be Fine If It’s Stored Offline – Local backups, stored on hard drives or media, provide a sense of security in case any issues occur. Keep your backup media in a safe and physically remote environment.
- Secure Your Server Message Block (SMB) – SMB vulnerabilities allow their payloads to spread laterally through connected systems like a worm. CISA recommends all IT professionals disable their SMB protocols to prevent ransomware and other malware attacks.
- Paying Ransoms Doesn't Pay Off – The U.S. government recommends against paying any ransom to cyber-crime organizations or malicious cyber actors. Paying a ransom only funds cybercriminals, and there is no guarantee that you will recover your data if you do pay.
- Ransomware Rebuild and Recovery Recommendations – Identify the systems and accounts involved in the initial data breach and conduct an examination of existing detection or prevention systems. Once the environment is fully cleaned and rebuilt, issue password resets for all affected systems and address any associated vulnerabilities and gaps in security or visibility.