The CISA updates its #StopRansomware guide

In September 2020, the CISA (Cybersecurity & Infrastructure Agency) and FBI launched a #StopRansomware guide for businesses operating in the United States. The aim of the guide is to give companies defence tools to combat differing ransomware variants and threat actors.

The guide was developed by the U.S. Joint Ransomware Task Force (JRTF). The JRTF was set up by the CISA and FBI as a response to a series of high profile ransomware attacks on the U.S government and critical infrastructure. JRTF is therefore a collaborative and streamlined government effort between the CISA and FBI to combat the increasing risks associated with ransomware attacks. The goal of this powerhouse organisation is to enable the U.S government to collaborate with private sector partners to facilitate information sharing and best practices with regards to ransomware defences.

Ransomware is a growing concern for the US government, which fuelled the efforts to create the #StopRansomware guide. According to Cyberscoop, financial institutions in the U.S experienced nearly $1.2 billion in costs associated with ransomware attacks in 2021. The costs represented a 200% increase from 2020 figures. Cybercrime Magazine expects the ‘global ransomware damage costs to reach $265 Billion By 2031. The figure is based on a 30% year over year growth in damage costs incurred as a result of ransomware attacks.

In May 2023, the CISA updated its #StopRansomware guide. The CISA deemed the updates as essential due to the fact that ransomware actors ‘have accelerated their tactics and techniques since the initial release of the document in September 2020’. The CISA listed the following updates:

• Listing the FBI and NSA as co-authors based on their contributions and operational insight.
• The incorporation of #StopRansomware effort into the title of the Guide to ensure clarity for users. 
• Additional recommendations for preventing the initial infection vectors that are commonly found in attacks. This includes compromised credentials and advanced forms of social engineering.
• Cross-Sector Cybersecurity Performance Goals (CPGs) being more concrete with mapped out recommendations.
• Expanding the ransomware response checklist to detail how to detect attacks with threat hunting tips.
• Updating recommendations to address cloud backups and zero trust architecture (ZTA).

At RFA, we help financial firms operating in the US to mitigate against ransomware attacks, whilst also assisting with cloud management and by developing bespoke cybersecurity strategies to suit individual business’ operational structure and goals.

We developed AiRE Platform, our managed detection & response software that supports clients by offering a 360 degree view managed security service of their entire technology estate whereby they can identify vulnerability points that could be exposed as initial infection vectors.

Our managed cloud services ensure that businesses are able to back up data and software. Should an attack be successful, our clients have access to software and assets to maintain operations and minimise the overall cost of the attack.

The #StopRansomware guide represents the efforts made by the US government to create unity between the government and firms operating in private sectors to combat ransomware attacks. At RFA, we are a unique IT, financial cloud and cyber-security provider to the financial services and alternative investment sectors that helps combat ransomware threats and help businesses to strategies for excellent overall cyber hygiene. If you would like to learn about how we can assist you with mitigating against ransomware, contact us today.