Rise in Ransomware for Critical Infrastructure

CISA, the FBI, NSA, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre released a CISA Joint Cybersecurity Advisory highlighting a rise in ransomware incidents against critical infrastructure organizations in 2021. These ransomware incidents are sophisticated and high-impact.

The advisory lists 18 mitigation steps (included below for reference). I can think of additional items that aren’t on this list. And many of these 18 items are not simple fixes. This is why ransomware is so challenging for most organizations to prevent. Want to ensure you’re able to keep ransomware out of your environment? Ask about our ransomware prevention assessment.

  1. Keep all operating systems and software up to date
  2. If you use RDP or other potentially risky services, secure and monitor them closely
  3. Implement a user training program and phishing exercises
  4. Require MFA
  5. Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords
  6. If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth
  7. Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud
  8. Segment networks
  9. Implement end-to-end encryption
  10. Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool
  11. Document external remote connections
  12. Implement time-based access for privileged accounts
  13. Enforce principle of least privilege through authorization policies
  14. Reduce credential exposure
  15. Disable unneeded command-line utilities; constrain scripting activities and permissions, and monitor their usage
  16. Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration
  17. Ensure all backup data is encrypted
  18. Collect telemetry from cloud environments
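Items 2, 10 and 11 above (secure and monitor RDP, detect abnormal activity, document external remote connections) are easier to reason about with a concrete check. The following script is an added illustration, not part of the advisory or of Go Security Pro's tooling: it runs two simple detection rules over a constructed export of Windows Security logon events (event ID 4625 for failed logons, 4624 for successful ones, logon type 10 for RDP). The sample lines, the field layout and the `DOCUMENTED_REMOTE_SOURCES` allowlist are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not from the advisory or any real host). One event per line:
# timestamp|event_id|logon_type|account|source_ip
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2021-11-03T09:00:01|4625|10|svc_backup|203.0.113.45
2021-11-03T09:00:03|4625|10|svc_backup|203.0.113.45
2021-11-03T09:00:06|4625|10|svc_backup|203.0.113.45
2021-11-03T09:00:09|4625|10|svc_backup|203.0.113.45
2021-11-03T09:00:12|4625|10|svc_backup|203.0.113.45
2021-11-03T09:00:40|4624|10|svc_backup|203.0.113.45
2021-11-03T10:15:00|4624|10|jsmith|10.0.5.21
2021-11-03T11:02:17|4624|10|jsmith|198.51.100.7
"""

# Hypothetical allowlist of documented remote-access sources (advisory item 11).
# In practice this comes from the inventory of approved jump hosts / VPN egress.
DOCUMENTED_REMOTE_SOURCES = {"10.0.5.21"}


def parse_events(text):
    """Parse the pipe-delimited export into dicts, sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, source_ip = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "source_ip": source_ip,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_anomalies(events, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (rule, account, source_ip, time) alert tuples.

    'failed-then-success': at least `threshold` failed RDP logons from one source
        against one account within `window`, followed by a successful RDP logon
        from that same source (a password-guessing pattern that paid off).
    'undocumented-source': a successful RDP logon from a source that is not on
        the documented remote-access list.
    """
    alerts = []
    failures = defaultdict(list)  # (source_ip, account) -> failure timestamps
    for ev in events:
        if ev["logon_type"] != 10:  # only RDP sessions are in scope here
            continue
        key = (ev["source_ip"], ev["account"])
        if ev["event_id"] == 4625:
            failures[key].append(ev["time"])
            continue
        if ev["event_id"] != 4624:
            continue
        # Events are time-sorted, so every recorded failure precedes this success.
        recent = [t for t in failures[key] if ev["time"] - t <= window]
        if len(recent) >= threshold:
            alerts.append(("failed-then-success", ev["account"], ev["source_ip"], ev["time"]))
        if ev["source_ip"] not in DOCUMENTED_REMOTE_SOURCES:
            alerts.append(("undocumented-source", ev["account"], ev["source_ip"], ev["time"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_anomalies(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the constructed input this raises three alerts: the service account's success after five rapid failures from 203.0.113.45, that same logon coming from an undocumented source, and a later interactive logon from 198.51.100.7 that is not on the documented list; the logon from 10.0.5.21 is silent because it is documented. The same two rules apply unchanged to any other remote-access service the advisory calls "potentially risky", which is why keeping the list of documented external connections current (item 11) matters as much as the monitoring itself.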

About the Author

Geoff Wilson is CEO and Founder of Go Security Pro and is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having trained at the National Security Agency, Geoff brings 20 years of cybersecurity experience to your organization.

Geoff has a Master’s of Information Security from Carnegie Mellon University and a Bachelor’s of Computer Science from the University of Oklahoma. He taught a graduate-level Information Security course at the University of Oklahoma for four years. Geoff is a published author, has worked for the National Security Agency, was a federal cybersecurity auditor, and has consulted with the Executive Office of the President.

Geoff is a business leader having founded Go Security Pro in early 2019 with his wife and co-founder Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get in the technical weeds with IT professionals.

Geoff treats every engagement as a knowledge transfer opportunity and every client with the utmost care. He is ready to assist you with your cybersecurity challenges.