CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware

As a follow-up to my previous message on the Conti ransomware advisory, I wanted to share some info regarding cyber hygiene services that CISA offers to our partners, free of charge, to help improve your cybersecurity posture. This and much more can be found at, the U.S. government’s one-stop shop for ransomware mitigation resources. Be sure to share widely—thank you!

Cyber Hygiene Services

Free CISA scanning and testing services to help organizations assess, identify, and reduce their exposure to threats, including ransomware. Email us at to get started.

This suite of services includes:

  • Vulnerability Scanning: Identifies externally-accessible assets and services that are vulnerable to common attacks.
  • Web Application Scanning: Identifies website weaknesses and poor configurations that attackers may exploit.
  • Phishing Campaign Assessment: Determines the susceptibility of an organization’s personnel to opening malicious emails (i.e., phishing), which are a leading cause of ransomware.
  • Remote Penetration Test: Tests perimeter defenses by mimicking the techniques adversaries use to gain unauthorized access to networks.

Cyber Security Evaluation Tool (CSET®)

The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. On June 30, CSET was updated to include a new module: Ransomware Readiness Assessment (RRA). The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against and recover from a ransomware incident.

Cybersecurity Colleagues and Partners,

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) announced the release of an advisory today on the Conti ransomware threat, including technical details about cyber actors’ behavior mapped to MITRE ATT&CK and recommended mitigations.

CISA and FBI have observed an increased use of Conti ransomware in more than 400 attacks to steal sensitive data from U.S. and international organizations. Malicious cyber actors typically use Conti ransomware against a victim to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen, sensitive data.

To secure systems against Conti ransomware, CISA, FBI, and NSA recommend implementing the mitigation measures described in this advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and updating your operating system and software.

If a ransomware incident occurs at your organization, CISA, FBI, and NSA recommend the following actions:

  • Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
  • Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
  • Report incidents immediately to CISA at, a local FBI Field Office, or U.S. Secret Service Field Office.
  • Apply incident response best practices found in the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity.

Organizations should read the advisory, assess your unique cybersecurity environment, and implement recommended mitigations for any observed security gaps or weaknesses. Any support you and your organizations can do to amplify this joint advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.

The advisory can be found here and is also available on the new, whole-of-government ransomware website,

Thank you for sharing this information broadly.

Cybersecurity and Infrastructure Security Agency

Defend Today Secure Tomorrow