The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) published the #StopRansomware Guide — an updated version of the 2020 guide containing additional recommended actions, resources and tools. The guide was produced through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in 2022 to ensure unity of effort in combating the threat of ransomware attacks.
The #StopRansomware Guide is intended to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond and recover, including step-by-step approaches to address potential attacks. The update incorporates lessons learned from the past two years, including recommendations for preventing common initial access techniques, such as compromised credentials/passwords and advanced forms of social engineering; recommendations to address cloud security backups; and threat hunting tips for detection and analysis.
The first part of the guide provides comprehensive, relevant and proven best practices that organizations should continuously implement to help reduce risk. This section can guide organizations in identifying their critical data and enable forward-leaning actions to mitigate potential ransomware incidents. Part two provides a step-by-step list of actions along with available services and resources for detection and analysis, containment and eradication, and recovery and post-incident activity. This checklist can guide victim organizations through a methodical, measured and properly managed incident response approach.