Combatting Ransomware

 


This guide provides comprehensive information on ransomware mitigation strategies, incorporating activities from the National Institute of Standards & Technology (NIST) Cybersecurity Framework (CSF) and NIST SP 800-53. It is designed to help organizations enhance their cybersecurity posture and effectively combat ransomware threats.

The information presented here is based on recommendations from the Multi-State Information Sharing & Analysis Center® (MS-ISAC®) Metrics Working Group, which advises the federally funded Nationwide Cybersecurity Review (NCSR) assessment program.

Understanding Ransomware

What Is Ransomware?

Ransomware is a type of malicious software (malware) that restricts access to a computer system or files, typically through encryption. The attacker then demands a ransom payment to restore access. This can result in significant productivity loss, financial damage, and reputational harm to an organization.

How Does Ransomware Spread?

Common vectors for ransomware include:

Email (Phishing)

  • Users clicking on malicious links or attachments in spam emails
  • Users divulging personal information through deceptive emails

Compromised Passwords/Credentials

  • Weak passwords
  • Compromised user authentication
  • Credential abuse

Vulnerabilities

  • Unpatched software or systems
  • “Drive-by downloading” or malicious apps from app stores

Remote Desktop Protocol (RDP)

  • Unsecured remote access points

Review our guide to learn how to prevent, prepare for, and respond to a ransomware attack.