CISA and MS-ISAC Release Joint Guide on Ransomware
Trisha Anderson, Ashden Fein and James Yoon of Covington & Burling write:
On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware. This guide was published the day before OFAC and FinCEN released their coordinated guidance on ransomware attacks that we previously summarized here.
Ransomware is malware that encrypts data on a victim’s device, thus rendering the data inaccessible, until a ransom is paid in exchange for decryption. Both the nature and scope of ransomware incidents have become “more destructive and impactful” in recent years. In particular, tactics of malicious actors include threatening to release stolen data or publicly naming victims as part of the extortion. Accordingly, the guide encourages organizations to take proactive efforts to manage risks posed by ransomware and recommends a coordinated response to mitigate its impact.
Read more on InsidePrivacy.
And another reminder that there are some basic precautions that can help you avoid becoming a ransomware victim. See Focusing on Risk and Recovery: A Ransomware Preparation Checklist on CPO Magazine.