
FBI and NSA updated guide to stop ransomware

The FBI and the US intelligence agency NSA have published an updated guide to stop ransomware. The revised guide incorporates lessons learned from the past few years and additional recommendations to limit the impact of ransomware. The manual describes several steps that are important in preventing ransomware or limiting its impact, such as preparing for an attack by making backups, drawing up and maintaining a cyber incident response plan, and implementing a zero trust architecture.

It also discusses how to prevent infections in which attackers exploit vulnerabilities and misconfigurations. For example, it recommends disabling Server Message Block (SMB) v1 and v2, limiting the use of the Remote Desktop Protocol (RDP), using passwords of at least fifteen characters, and not performing day-to-day operations through accounts with root access. Staff must also be made aware of password safety during annual security training, and file types commonly used by malware should be blocked with an e-mail filter. Macros in Microsoft Office files sent via e-mail should also be disabled, as should the Windows Script Host (WSH). The manual further provides "best practices" advice for hardening systems.

The second part of the manual contains advice on what organizations should do if their systems have been affected by ransomware. This involves, for example, isolating systems, or switching them off if they cannot be removed from the network, but also cleaning up and repairing systems. The changes compared to the first version mainly concern infection vectors, including compromised credentials and advanced forms of social engineering, and a more extensive ransomware response checklist, with tips for threat hunting and detection.
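Several of the hardening items above (SMBv1/v2, RDP, WSH, Office macros, minimum password length) can be verified on a Windows host with a read-only audit. The script below is an added example written for this page; it is not from the guide or its authors. It assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the Office policy key paths under version `16.0` are an assumption about Office 2016/2019/365 layouts. It only reports the current state and changes nothing.

```powershell
# Added example (not from the guide): read-only audit of a Windows host against
# several hardening items from the ransomware guide. Assumes elevated PowerShell 5.1+.

function Test-Smb1Disabled {
    # SMBv1 is an optional Windows feature; "Disabled" (or absent) is the desired state.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($null -eq $feature) { return $true }
    return $feature.State -eq 'Disabled'
}

function Get-SmbServerProtocolState {
    # The SMB server has its own per-protocol switches, independent of the optional feature.
    $cfg = Get-SmbServerConfiguration
    return [pscustomobject]@{
        Smb1Enabled = $cfg.EnableSMB1Protocol
        Smb2Enabled = $cfg.EnableSMB2Protocol   # SMB2 and SMB3 share this switch
    }
}

function Get-RdpState {
    # fDenyTSConnections = 1 means inbound RDP is off;
    # UserAuthentication = 1 on the RDP-Tcp listener means Network Level Authentication is required.
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    return [pscustomobject]@{
        RdpDisabled = ($deny -eq 1)
        NlaRequired = ($nla -eq 1)
    }
}

function Test-WshDisabled {
    # Windows Script Host: Settings\Enabled = 0 disables wscript.exe/cscript.exe host-wide.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    return ($val -eq 0)
}

function Get-OfficeMacroPolicy {
    # Office policy keys (the 16.0 version segment is an assumption for Office 2016/2019/365).
    # VBAWarnings = 4 disables all macros without notification;
    # blockcontentexecutionfrominternet = 1 blocks macros in files marked as downloaded from the internet.
    $results = @{}
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $results[$app] = [pscustomobject]@{
            MacrosDisabled       = ($p.VBAWarnings -eq 4)
            InternetFilesBlocked = ($p.blockcontentexecutionfrominternet -eq 1)
        }
    }
    return $results
}

function Get-MinimumPasswordLength {
    # Local account policy; 'net accounts' prints a line such as "Minimum password length: 15".
    $line = net accounts | Where-Object { $_ -match 'Minimum password length' }
    if ($line -match '(\d+)\s*$') { return [int]$matches[1] }
    return 0
}

# Collect findings and flag each item against the guide's recommendation.
$smb    = Get-SmbServerProtocolState
$rdp    = Get-RdpState
$macros = Get-OfficeMacroPolicy
$minLen = Get-MinimumPasswordLength

$report = [ordered]@{
    'SMBv1 feature disabled'          = Test-Smb1Disabled
    'SMB server: SMBv1 off'           = -not $smb.Smb1Enabled
    'SMB server: SMBv2 off'           = -not $smb.Smb2Enabled
    'RDP disabled'                    = $rdp.RdpDisabled
    'RDP requires NLA (if enabled)'   = $rdp.NlaRequired
    'Windows Script Host disabled'    = Test-WshDisabled
    'Word macros disabled by policy'  = $macros['Word'].MacrosDisabled
    'Excel macros disabled by policy' = $macros['Excel'].MacrosDisabled
    'Minimum password length >= 15'   = ($minLen -ge 15)
}

foreach ($item in $report.Keys) {
    $status = if ($report[$item]) { 'OK  ' } else { 'GAP ' }
    Write-Output ("{0} {1}" -f $status, $item)
}
```

Each line of the output is a single OK/GAP verdict, so the script can be run from a scheduled task or an endpoint-management tool and its output collected centrally. Note that disabling SMBv2 also disables SMBv3 on the host, because both share the `EnableSMB2Protocol` switch, so that line should be read in the context of what file-sharing the host actually needs.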