Ransomware
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.
Paying the ransom does not guarantee that your organization’s files will be decrypted and that you can resume regular business operations. The most important part of ransomware defense is to implement strong cybersecurity controls to prevent ransomware incidents from occurring.
Additional webinars can be found at:
https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/vi… and
https://www.cisa.gov/stopransomware/webinars.
Report ransomware
Every ransomware incident should be reported to the U.S. government. Victims of ransomware incidents can report their incident to the FBI, CISA, or the U.S. Secret Service. A victim only needs to report their incident once to ensure that all the other agencies are notified.
You can report incidents through CISA's reporting portal. To guide incident reporters through the reporting process, CISA has released a voluntary cyber incident reporting resource. It helps entities understand "who" should report an incident, "why and when" they should report, as well as "what and how to report."