CISA Releases Guidance on Protecting Sensitive Information and Responding to Double-Extortion Ransomware Attacks

Ransomware attacks are significantly more in 2020 and there is no indication that cyberattacks utilizing the file-encrypting malware will decrease. Attacks still grow this 2021 to the stage where there was virtually one-half the number of attempted ransomware attacks in Quarter 2 of 2021 as there were in the entire 2019.

Many threat actors doing ransomware attacks are currently making use of double extortion strategies, where ransoms need to be paid not just to acquire the keys to decrypt data files but also to stop the exposure of information stolen during the attacks. The stealing of records before file encryption has allowed ransomware gangs to make larger ransom demands because the threat to expose the information has considerably increased the likelihood of receiving ransom payment. Numerous victims give the ransom payment to avoid data publicity, though they have applicable backups that could let them bring back the encrypted data for nothing.

The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to assist private and public sector establishments manage the risk of double-extortion ransomware attacks. The guidance discusses recommendations for stopping cyber threat actors from obtaining access to networks, ways to be sure sensitive information are safeguarded, and methods that must be used when addressing a ransomware attack.

There are a few measures specified in the guidance that is essential not merely for avoiding ransomware attacks but at the same time for reducing their severity. It is vital to manage offline, encrypted backups of information and to consistently check the backup copies to make certain that file retrieval is in fact feasible. It is additionally important to develop and maintain a fundamental cyber incident response plan, resiliency plan, and connected communications plan, and to perform exercises to make certain that a fast response to an attack is doable. To prohibit attacks, action needs to be taken to focus on the main attack vectors, such as RDP compromises, phishing, and taking advantage of internet-facing vulnerabilities and wrong configurations. Normally, all companies need to also make sure to adhere to good cyber hygiene strategies.

So as to secure sensitive data, institutions should know where sensitive records are stored and who possesses access to those information repositories. It is additionally crucial to make certain that sensitive data are saved for so long as is absolutely required. Physical and cybersecurity guidelines ought to be put in place, such as encrypting sensitive information at rest and in transit, confining access to physical IT assets, and using firewall and network isolation to hinder attempts at lateral activity inside systems. CISA likewise suggests making certain the cyber incident response, as well as communications plans, comprise of response and notification measures for data breach situations.

A quick and efficient response to a ransomware attack is important for confining the harm brought about and trying to keep costs at a minimum. The cyber incident response plan ought to list all the measures that should be taken, and the sequence that they must be done. The initial step is identifying which systems were affected and promptly separating them to safeguard network functions and halt more data loss. The next step should only be undertaken if its’ not possible to take away affected devices from the system or to temporarily de-activate the network, and that is to shut down impacted devices to prevent further propagation of the ransomware infection.

And then, triage impacted systems for restoration and recovery, seek advice from the security workforce to create and record a preliminary knowledge of what has transpired, then involve internal and external organizations and stakeholders and offer instructions on how they can support the response and recovery processes. Agencies must then observe the notification prerequisites discussed in their cyber incident response plan.

The guidance – Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches – is found on this page.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at