CISA Aims To Improve Ransomware Readiness

The Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. Government Agency that works with the private sector to defend against cyber threats and to build more secure and resilient infrastructure for the future, released a new module for its Cyber Security Evaluation Toolkits (“CSET”). This toolkit is designed to assist cybersecurity professionals by providing a systematic roadmap to evaluate their organization’s existing security protocols. The toolkit includes a step-by-step guide to assess both information technology (“IT”) and industrial control system (“ICS”) environments.

The new CSET module is called Ransomware Readiness Assessment (“RRA”). It specifically assesses an organization’s readiness against tactics commonly associated with ransomware attacks. This new module is presumably in response to the uptick in ransomware attacks over the past 24 months, which are making headline news. Ransomware is a type of malware that encrypts a system’s data and demands payment in exchange for a decryption key. Ransomware is known to significantly disrupt business operations and threat actors do everything in their power to make paying for a decryption key a more attractive and cost-efficient option than restoring from backups. This includes a common tactic of navigating to and deleting backups stored on the network.

Law enforcement has routinely stated that proper backup and restoration protocols are critical to avoiding ransom payments. CISA’s RRA is designed to help businesses assess how prepared they are for defending and recovering from a ransomware incident by:

• Helping businesses evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations.
• Providing an analysis dashboard that presents the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.