The Cybersecurity and Infrastructure Security Agency (CISA) has observed an
increase in ransomware attacks across the world. See CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak.
Ransomware is a type of malicious software, or malware, designed to
deny access to a computer system or data until a ransom is paid.
Ransomware typically spreads through phishing emails or when a user
unknowingly visits an infected website.
Ransomware can be devastating to an individual or an organization.
Anyone with important data stored on their computer or network is at
risk, including government or law enforcement agencies and healthcare
systems or other critical infrastructure entities. Recovery can be a
difficult process that may require the services of a reputable data
recovery specialist, and some victims pay to recover their files.
However, there is no guarantee that individuals will recover their files
if they pay the ransom.
CISA recommends the following precautions to protect users against the threat of ransomware:
- Update software and operating systems with the latest patches.
Outdated applications and operating systems are the target of most
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when browsing the Internet. Read Good Security Habits for additional details.
In addition, CISA recommends that organizations employ the following best practices:
- Restrict users’ permissions to install and run software
applications, and apply the principle of “least privilege” to all
systems and services. Restricting these privileges may prevent malware
from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching
the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
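
The two email recommendations above (authenticate inbound email, and filter executable files before they reach end users) can be combined in a gateway-side check like the following. This is an added example, not CISA code; the authserv-id `mx.example.org`, the extension list and all function names are assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed local policy for this example; not a list published by CISA.
BLOCKED_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def auth_failed(msg, trusted_authserv):
    """Mechanisms with no 'pass' in Authentication-Results headers stamped by
    our own gateway; headers carrying any other authserv-id are ignored."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        if not parts[0] or parts[0].split()[0].lower() != trusted_authserv:
            continue
        for p in parts[1:]:
            method, _, rest = p.partition("=")
            if rest.split() and rest.split()[0].lower() == "pass":
                passed.add(method.strip().lower())
    return [m for m in ("spf", "dkim", "dmarc") if m not in passed]

def risky_attachments(msg):
    """Flag parts by content signature first, then by file extension."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        kind = next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)
        ext = os.path.splitext(name)[1]
        if kind:
            hits.append((name, "content is " + kind))
        elif ext in BLOCKED_EXTS:
            hits.append((name, "blocked extension " + ext))
    return hits

def inspect_message(raw, trusted_authserv="mx.example.org"):
    msg = message_from_bytes(raw, policy=policy.default)
    failed, hits = auth_failed(msg, trusted_authserv), risky_attachments(msg)
    return {"auth_failed": failed, "attachments": hits, "quarantine": bool(hits) or "dmarc" in failed}

def build_sample(auth_results, filename, data):
    """Constructed test message (all addresses and hosts are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    m["Authentication-Results"] = auth_results
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Checking content signatures before extensions catches an executable renamed to look like a document, and ignoring `Authentication-Results` headers not stamped by the receiving gateway keeps a sender from supplying its own "pass" verdicts.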
See the Ransomware Security Publication, technical guidance on How to Protect Your Networks from Ransomware, and CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak for more information.
For recent CISA Alerts on specific ransomware threats, see:
- TA17-181A: Petya Ransomware (NotPetya)
- TA17-132A: Indicators Associated With WannaCry Ransomware
- TA16-091A: Ransomware and Recent Variants
Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.