The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.
The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.
Visitors to the website will see three primary sections for "What is Ransomware?," "Have You Been Hit By Ransomware?," and "Avoid Being Hit by Ransomware," where defenders can find educational resources and best practices for analyzing and containing an attack, as well as links to training and webinars to strengthen ransomware response.
Read the full CISA release for more details.
In addition to the website, CISA has also released its new Ransomware Readiness Assessment, which allows organizations to test how well their networks can protect against and recover from ransomware attacks, and provides advice on improvements.
Organizations can test their network defences and evaluate if their cybersecurity procedures can protect them from a ransomware attack using a new self-assessment tool from the US Cybersecurity and Infrastructure Security Agency (CISA).
The Ransomware Readiness Assessment (RRA) is a new module in CISA's Cyber Security Evaluation Tool (CSET) that allows organizations to assess how well equipped they are to defend against and recover from a ransomware attack.
The CISA tool asks users to answer a series of questions about their cybersecurity policies with the aim of helping organizations improve their defences against ransomware. It focuses on the basics first, before moving on to intermediate and advanced questions and tutorials.
The aim is to make it useful for organizations whatever the state of their cybersecurity strategy, so CISA is strongly encouraging all organizations to take the Ransomware Readiness Assessment.
"CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity," said CISA.
We at Cymonix applaud the Government for its efforts to educate the public and supply tools. Because ransomware attacks are usually conducted by financially motivated criminal gangs, they aren’t as sophisticated as attacks by nation states, and following basic security best practices by individual enterprises can go a long way in reducing risk. These sites and tools surely can help.
Please keep in mind that attackers are increasingly going after non-technology companies, including critical infrastructure like oil pipelines, which typically aren’t the most technologically advanced enterprises. Government-mandated cybersecurity requirements can help raise the cybersecurity baseline in such industries, and we expect more requirements for other industries.
Paying a ransom hardly guarantees that you’ll get your data back. According to the survey, only 8 percent of organizations were able to get all their data back after paying a ransom, and 29 percent got back less than half of their data.
The average ransom size was $170,404, with some organizations paying millions. But the total cost of remediation was much higher – ten times higher – coming in at $1.85 million on average, up from $761,106 last year.
Plus, even after companies pay ransoms, get decryption keys, and manage to restore their systems, they aren’t in the clear.
First, ransomware gangs now routinely exfiltrate data before encrypting it, for extra leverage. Paying a ransom doesn't mean that they won't release the data to the public.
"There's nothing you can do to prevent the threat of them potentially releasing the data," "Once it's out, it's out."
And there's also nothing keeping criminals from coming back and running another ransomware attack. Now they know that the organization is vulnerable and willing to pay up.
The best response to a ransomware attack is to have systems in place that limit the attack’s damage radius, good backups, a response plan, and the ability to restore affected systems from those backups.