Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a cybersecurity advisory, warning public and private sector organizations to stay vigilant for ransomware attacks ahead of the Labor Day holiday weekend.
The advisory shares precautions and mitigation steps that organizations can take to reduce their risk to ransomware and other cyber attacks. In a press release, CISA said the advisory is based on observations on the timing of high-impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting.
“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable,” said Eric Goldstein, executive assistant director for cybersecurity for CISA. “With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful, and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat.”
In the advisory, CISA and the FBI recommend that organizations with the necessary capabilities to engage in preemptive threat hunting on their networks search for signs of threat actors. The advisory also includes recommendations for fundamental best practices that should be adopted by all organizations, including implementing multi-factor authentication for remote access and administrative accounts.
Other recommendations included in the advisory are:
- Make an offline backup of your data.
- Do not click on suspicious links.
- If you use RDP – or other potentially risky services – secure and monitor.
- Update your OS and software; scan for vulnerabilities.
- Use strong passwords.
- Use multi-factor authentication.
- Secure your network(s): implement segmentation, filter traffic, and scan ports.
- Scan network for open and listening ports and close those that are unnecessary.
- Secure your user accounts.
- Have an incident response plan.
The advisory also warns organizations that, in the event of a ransomware attack, paying the ransom does not guarantee recovery of the data. CISA and the FBI explicitly say that organizations “should not pay the ransom.” The advisory adds that regardless of whether an organization pays a ransom or not, it is important that the incident be reported to CISA or the local FBI field office.