CISA MS-ISAC Publish Updated Ransomware Guide


In September 2020, CISA (Cybersecurity and Infrastructure Security Agency) and MS-ISAC (Multi-State Information Sharing & Analysis Center) published an updated Ransomware Guide outlining best practices and recommendations for ransomware incident preparedness and incident response.

Malicious cyber actors continually produce elaborately designed ransomware to target entire networks and move laterally through them. These ransomware attacks compromise data, steal valuable information and delete system backups, leaving “organizations without the data they need to operate and deliver mission-critical services.” The Ransomware Guide also notes that monetary demands are on the rise, with reported demands of more than $1 million USD per incident. A lucrative enterprise for malicious actors, not so much for the organizations they target.

Preventing Ransomware Incidents

  • Conduct regular backups and keep them offline.
  • Have an incident response plan in place.
  • Be vigilant and monitor your network.
  • Make sure all patches are up to date.
  • Ensure all devices are properly configured and security features are enabled.
  • Observe best practices for RDP (remote desktop protocol) and VPNs.
  • Block SMB (Server Message Block) from external access, and remove or disable outdated versions of the protocol.

Cyber Training Personnel

  • One of the key components to thwarting cyber attacks and keeping your network secure is training your personnel and preparing them for a wide scope of cybersecurity scenarios.
  • Train personnel to recognize and report suspicious activity.
  • Implement filters on the email gateway.
  • Implement DMARC (Domain-based Message Authentication, Reporting and Conformance) to lower the risk of spoofed or modified emails appearing to come from valid domains.
  • Consider disabling macro scripts in Microsoft Office.

Software and Services

Keeping software and services up to date is critical to cybersecurity: current versions provide threat detection alerts and close the openings that attackers use to get into your systems.

  • Keep anti-malware and anti-virus software up to date.
  • Block unauthorized software from running.
  • Consider an IDS (Intrusion Detection System).
  • Make sure any third parties or MSPs you work with have up-to-date cybersecurity policies in place and adhere to cybersecurity best practices.

System Hardening to Reduce Security Vulnerabilities

To create a secure and compliant state for all IT systems, it is necessary to identify and eliminate potential attack vectors within system configurations and settings.

  • Implement MFA (Multi-Factor Authentication) wherever possible.
  • Limit or restrict user permissions, admin, and network access.
  • Enable security settings when using cloud environments.
  • Develop and maintain a network diagram of connected devices and a list of all software and hardware.
  • Implement network segmentation.
  • Restrict use of PowerShell.
  • Secure Domain Controllers (DCs).
  • Fix misconfigured firewalls.
  • Record and maintain log files.
  • Know your cyber posture.

Detection Before Exploitation

SecuLore Solutions’ team of cyber analysts are armed with unique expertise in public-safety-targeted cyber-attacks and use this experience to identify activity that may be an indication of hackers’ presence in your network.

Incident Response

In the event of a cyber incident, SecuLore works in collaboration with IT teams, delivering customized support and quickly and effectively mitigating an attack through comprehensive investigation, containment, remediation, guidance, and crisis management.

Contact us today to learn more about how we can help you protect your network.
