Rise in Ransomware for Critical Infrastructure

CISA, the FBI, NSA, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre released a CISA Joint Cybersecurity Advisory highlighting a rise in ransomware incidents against critical infrastructure organizations in 2021. These ransomware incidents are sophisticated and high-impact.

The advisory lists 18 mitigation steps 😬 (included below for reference). I can think of additional items that aren’t on this list. And many of these 18 items are not simple fixes. This is why ransomware is so challenging for most organizations to prevent. Want to ensure you’re able to keep ransomware out of your environment? Ask about our ransomware prevention assessment.

  1. Keep all operating systems and software up to date
  2. If you use RDP or other potentially risky services, secure and monitor them closely
  3. Implement a user training program and phishing exercises
  4. Require MFA
  5. Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords
  6. If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth
  7. Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud
  8. Segment networks
  9. Implement end-to-end encryption
  10. Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool
  11. Document external remote connections
  12. Implement time-based access for privileged accounts
  13. Enforce principle of least privilege through authorization policies
  14. Reduce credential exposure
  15. Disable unneeded command-line utilities; constrain scripting activities and permissions, and monitor their usage
  16. Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration
  17. Ensure all backup data is encrypted
  18. Collect telemetry from cloud environments
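Item 15 is the one most readers ask how to operationalize, so here is a small policy monitor for it, added as an example and not part of the advisory or this post. It assumes a constructed policy (a set of utilities the organization has disabled, the script hosts it constrains, and the only accounts allowed to launch them) and runs over constructed process-creation events in a simplified Sysmon Event ID 1 layout.

```python
"""Monitor command-line utility and script-host usage (mitigation 15:
disable unneeded utilities, constrain scripting, monitor their usage).
Policy sets and sample events below are constructed for illustration."""
from typing import Dict, List, Tuple

# Assumed policy: utilities disabled by the org (any execution is a control
# failure), the script hosts being constrained, and the accounts allowed to use them.
BLOCKED_UTILITIES = {"mshta.exe", "wmic.exe", "certutil.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
SCRIPT_ALLOWED_USERS = {"corp\\svc_deploy", "corp\\it-admin"}


def is_encoded_flag(token: str) -> bool:
    """powershell.exe accepts -EncodedCommand, its documented aliases -e and -ec,
    and any longer unambiguous prefix such as -enc."""
    t = token.lower()
    return t == "-ec" or (len(t) >= 2 and "-encodedcommand".startswith(t))


def evaluate_event(event: Dict[str, str]) -> List[str]:
    """Return the names of the policy rules one process-creation event violates."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    user = event["user"].lower()
    args = event["cmdline"].split()[1:]  # drop the program name itself
    rules: List[str] = []
    if image in BLOCKED_UTILITIES:
        rules.append("blocked-utility-executed")
    if image in SCRIPT_HOSTS:
        if user not in SCRIPT_ALLOWED_USERS:
            rules.append("script-host-unexpected-user")
        if image in {"powershell.exe", "pwsh.exe"} and any(map(is_encoded_flag, args)):
            rules.append("encoded-command")
    return rules


def evaluate(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Flatten findings to (host, user, rule) triples for alerting or a SIEM."""
    return [(e["host"], e["user"], r) for e in events for r in evaluate_event(e)]


# Constructed sample events (hosts, users, paths and the base64 blob are made up).
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "corp\\alice", "image": "C:\\Windows\\System32\\mshta.exe",
     "cmdline": "mshta.exe C:\\Temp\\page.hta"},
    {"host": "ws01", "user": "corp\\alice", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -w hidden -e QQBCAEMA"},
    {"host": "srv02", "user": "corp\\svc_deploy", "image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "cmdline": "pwsh.exe -File C:\\deploy\\rollout.ps1"},
    {"host": "ws03", "user": "corp\\bob", "image": "C:\\Windows\\System32\\cscript.exe",
     "cmdline": "cscript.exe //nologo C:\\scripts\\inventory.vbs"},
    {"host": "ws01", "user": "corp\\alice", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_EVENTS):
        print(finding)
```

The point of the "blocked-utility-executed" rule is that disabling a utility and monitoring for it are separate controls: an execution event for a utility you believe is disabled tells you the first control failed on that host.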