In a concerted effort to counter the ever-evolving tactics employed by ransomware actors, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has unveiled an enhanced version of the StopRansomware Guide.
Originally launched in 2020, the updated StopRansomware Guide incorporates valuable insights collected over the past two years, providing organizations with additional recommended actions, resources, and tools to combat ransomware’s growing prevalence and impacts effectively.
Serving as a comprehensive resource, the StopRansomware Guide acts as a one-stop solution for organizations seeking to reduce the risk of ransomware incidents.
It equips them with best practices to detect, prevent, respond to, and recover from such attacks, offering step-by-step approaches to thwart potential threats.
With the ultimate aim of safeguarding facilities, personnel, and customers from the devastating consequences of ransomware and data exfiltration, the participating organizations urge organizations to review the StopRansomware Guide and take proactive measures to protect their digital assets.
The new StopRansomware Guide: What has changed?
Developed through the Joint Ransomware Task Force (JRTF), a collaborative interagency initiative established by Congress in 2022, the new StopRansomware Guide underscores the collective commitment of CISA and the FBI to curbing the rising prevalence and impact of ransomware attacks.
In 2023, the JRTF made significant progress in strengthening the fight against ransomware.
One area of focus has been standardizing and synchronizing federal engagement with ransomware victims. This ensures that victims receive the necessary support and services to restore their operations and minimize the impact of attacks.
“ZTA assumes a network is compromised and provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per request access decisions in information systems and services,” states the new StopRansomware Guide.
Data collection and metrics play a vital role in enhancing the collective understanding of ransomware affecting U.S. organizations. By analyzing actors, victims, and impacts; the cybersecurity community gains valuable insights that inform the U.S. government’s actions to counter the threat.
This information also “streamlines the U.S. Government’s response to ransomware attacks and facilitates information sharing and collaboration between government agencies and private sector partners,” reads the report.
Collaboration is key in combating ransomware, and the JRTF aims to strengthen operational collaboration and intelligence sharing.
By fostering partnerships with the private sector, the international community, and non-governmental organizations, the task force can more effectively prevent, detect, and respond to evolving ransomware campaigns.
Additionally, learning from past incidents is crucial for improvement. The JRTF examines recent ransomware incidents in key sectors to identify coordination and information-sharing gaps. The federal government can address these gaps by enhancing its response and preparedness posture.
Intelligence gathering and engagement with international partners also play a significant part in the JRTF’s operations.
By leveraging the intelligence collection capabilities of all partners and collaborating with international entities, the task force can plan and execute synchronized operations to counter ransomware threats.
Furthermore, the JRTF organizes interagency campaigns to disrupt ransomware actors and fortify national cyber defenses. By working with relevant partners on new campaign efforts, the task force ensures a comprehensive approach to combating ransomware attacks.
A better way to mitigate cyber threats
The JRTF has established the External Partners Working Group to extend its reach and effectiveness.
This group collaborates with private sector companies, researchers, critical infrastructure sectors, and international partners.
By fostering operational collaboration with these entities, the task force can further accelerate progress in reducing damaging ransomware events affecting American organizations.
The Joint Response Task Force (JRTF) has fostered strong partnerships not only with Sector Risk Management Agencies (SRMAs) and Information Sharing and Analysis Centers (ISACs) but also with esteemed international counterparts. These collaborations extend to peer cybersecurity, intelligence, and law enforcement agencies across various partner nations.
The efforts of the Joint Ransomware Task Force and StopRansomware Guide represent a significant step forward in addressing the growing threat of ransomware attacks.
Through collaboration, intelligence sharing, and operational coordination, the task force aims to make measurable progress in reducing the prevalence of ransomware incidents impacting global organizations.