CISA MS-ISAC Publish Updated Ransomware Guide


In September 2020, CISA (Cybersecurity and Infrastructure Security Agency) and MS-ISAC (Multi-State Information Sharing & Analysis Center) published an updated Ransomware Guide outlining best practices and recommendations for ransomware incident preparedness and incident response.

Malicious cyber actors continually produce elaborately designed ransomware that targets a foothold and then moves laterally across entire networks. These ransomware attacks compromise data, steal valuable information and delete system backups, leaving “organizations without the data they need to operate and deliver mission-critical services.” The Ransomware Guide also notes that monetary demands are on the rise, with reported demands exceeding $1 million USD per incident. A lucrative enterprise for malicious actors, far less so for the organizations they target.

Preventing Ransomware Incidents

  • Conduct regular backups that are kept offline.
  • Have an incident response plan in place.
  • Be vigilant and monitor your network.
  • Make sure all patches are up to date.
  • Ensure all devices are properly configured and security features are enabled.
  • Observe best practices for RDP (remote desktop protocol) and VPNs.
  • Block SMB (Server Message Block) from external access, and remove or disable outdated versions of the protocol.

Cyber Training Personnel

  • One of the key components to thwarting cyber attacks and keeping your network secure is training your personnel and preparing them for a wide scope of cybersecurity scenarios.
  • Train personnel to recognize and report suspicious activity.
  • Implement filters at the email gateway.
  • Implement DMARC (Domain-based Message Authentication, Reporting and Conformance) to lower the risk of spoofed or modified emails from valid domains.
  • Consider disabling macro scripts in Microsoft Office.

Software and Services

Keeping software and services up to date is critical to digital safety and cybersecurity: current versions provide threat detection alerts and close the holes hackers use to invade your systems.

  • Keep anti-malware and anti-virus software up to date.
  • Block unauthorized software from running.
  • Consider an IDS (Intrusion Detection System).
  • Make sure any third parties or MSPs you work with have up-to-date cybersecurity policies in place and adhere to cybersecurity best practices.

System Hardening to Reduce Security Vulnerabilities

To create a secure and compliant state for all IT systems, it is necessary to identify and eliminate potential attack vectors in system configurations and settings.

  • Implement MFA (Multi-Factor Authentication) wherever possible.
  • Limit or restrict user permissions, admin, and network access.
  • Enable security settings when using cloud environments.
  • Develop and maintain a network diagram of connected devices and a list of all software and hardware.
  • Implement network segmentation.
  • Restrict use of PowerShell.
  • Secure Domain Controllers (DCs).
  • Fix misconfigured firewalls.
  • Record and maintain log files.
  • Know your cyber posture.
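As an added example (not code from the CISA/MS-ISAC guide or from SecuLore), the read-only PowerShell check below reports on a few of the items above on a single Windows host: outdated SMB disabled, PowerShell activity logged, Office macros disabled and RDP requiring Network Level Authentication. The registry paths are the standard Group Policy locations; the "Expected" values are my assumptions chosen to match the recommendations, not values the guide prescribes verbatim, and the script changes nothing.

```powershell
# Added example: read-only posture check for several hardening items.
# Run from an elevated PowerShell session on the host being assessed.

function Test-RegistryValue {
    param([string]$Path, [string]$Name, $Expected)
    # Missing key or value is reported as '<not set>' and counts as a failure.
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Check    = "$Path\$Name"
        Expected = $Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Pass     = ($actual -eq $Expected)
    }
}

function Get-RansomwarePostureReport {
    $results = @()

    # Outdated SMB: the SMBv1 server protocol should be disabled.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $results += [pscustomobject]@{
        Check = 'SMBv1 server protocol disabled'; Expected = $false; Actual = $smb1; Pass = (-not $smb1)
    }

    # Record and maintain logs: PowerShell script block logging enabled via policy.
    $results += Test-RegistryValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging' 1

    # Office macros: VBAWarnings = 4 disables all macros without notification
    # (per-user policy key; 16.0 is the Office 2016/Microsoft 365 hive, an assumption about the installed version).
    $results += Test-RegistryValue 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'  'VBAWarnings' 4
    $results += Test-RegistryValue 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security' 'VBAWarnings' 4

    # RDP best practice: require Network Level Authentication before a session is established.
    $results += Test-RegistryValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' 'UserAuthentication' 1

    return $results
}

Get-RansomwarePostureReport | Format-Table -AutoSize
```

Any row with Pass = False is a hardening item to follow up on through your configuration management or Group Policy process rather than by editing the registry by hand.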

Detection Before Exploitation

SecuLore Solutions’ team of cyber analysts is armed with unique expertise in public-safety-targeted cyber-attacks and uses this experience to identify activity that may indicate a hacker’s presence in your network.

Incident Response

In the event of a cyber incident, SecuLore works in collaboration with IT teams, delivering customized support and quickly and effectively mitigating an attack through comprehensive investigation, containment, remediation, guidance, and crisis management.

Contact us today to learn more about how we can help you protect your network.
