On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.
Since the initial release of the Ransomware Guide in September 2020, ransomware actors have accelerated their tactics and techniques. To maintain relevancy, add perspective, and maximize the effectiveness of the guide, the following changes have been made:
• Added recommendations for preventing common initial infection vectors, including compromised credentials and advanced forms of social engineering.
• Updated recommendations to address cloud backups and zero trust architecture.
• Expanded the ransomware response checklist with threat hunting tips for detection and analysis.
• Mapped recommendations to CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
The #StopRansomware Guide is designed to serve as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, you can visit stopransomware.gov.