Ransomware Defense-in-Depth

Ransomware is one of the most common and impactful cyber threats affecting U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. It is a form of malware programmed to encrypt or lock files, rendering systems unusable. Cyber threat actors (CTAs) demand a ransom in exchange for the key to decrypt or unlock these files. Oftentimes, they threaten to post stolen data online if the ransom is not paid, a threat which is known as double extortion. Such incidents range from simple automated attacks against one device to more complex operations involving ransomware that moves laterally across entire business networks.

We then explore how to mitigate the threat of ransomware using a defense-in-depth strategy powered by resources that are available through the Multi-State Information Sharing and Analysis Center (MS-ISAC) at no or low cost to SLTTs.