Ransomware is a type of malware that encrypts files on a device, making them unusable for the files and the systems that rely on them. Then, in exchange for decryption, malicious actors demand a ransom. If the ransom is not paid, ransomware actors frequently threaten to sell or leak exfiltrated data or authentication information. Ransomware attacks have become more common in recent years among state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations across the United States.

Malicious actors adjust and evolve their ransomware tactics over time, and the US government, state and local governments, as well as the private sector, remain vigilant in keeping track of ransomware attacks and related tactics, techniques, and procedures across the country and around the world.

Are you interested in learning more about the growing cyber threat? The Cybersecurity and Infrastructure Security (CISA) and MS-ISAC (Multi-State Information Sharing and Analysis Center) Ransomware Guide is a good place to start. This joint Ransomware Guide, which will be released in September 2020, contains industry best practices and a response checklist that can be used as a ransomware-specific addendum to an organization’s cyber incident response plans.

The US Secret Service has published a guide that outlines what steps businesses should take to gain a better understanding of the technological and regulatory constraints, responsibilities, and resources at their disposal, as well as how to apply that knowledge to their operations.

The CSF Ransomware Profile from NIST can be used by organizations that are using or considering using the NIST Cybersecurity Framework.