CISA releases resources to help organizations combat ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) is launching an effort to encourage public and private sector organizations to implement best practices to mitigate ransomware risks.

The Reduce the Risk of Ransomware Campaign will raise awareness about the importance of combating ransomware as part of an organization’s cybersecurity and data protection best practices. CISA will use its social media platforms to iterate key behaviors or actions and provide resource links to combat ransomware attacks in the coming months.

“CISA is committed to working with organization at all levels to protect their networks from the threat of ransomware,” Brandon Wales, acting director of CISA, said. “This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats. Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”

Ransomware has become an increasing threat to both public and private networks. It can cause data loss and create privacy concerns. These incidents can severely impact business processes and cost businesses billions of dollars a year. Malicious actors may pressure victims for payment by threatening to release stolen data if they refuse to pay. They may also publicly name and shame victims as secondary forms of extortion.

CISA has outlined four categories of ransomware resources:

Alerts and Statements: Official CISA updates to help stakeholders guard against the ever-evolving ransomware threat environment. The alerts are geared toward system administrators and other technical staff.

Guides and Services: Tips and best practices for home users, organizations, and technical staff.

Fact Sheets and Infographics: Straightforward information to help organizations and individuals better understand the threats and the consequences of a ransomware attack.

Trainings and Webinars: This information provides technical and non-technical audiences, including managers, business leaders, and technical specialists, with an organizational perspective and strategic overview.