Ransomware 101

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.

Malicious actors continue to adjust and evolve their ransomware tactics over time, and the U.S. Government, state and local governments, as well as the private sector remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world. 

Looking to learn more about this growing cyber threat? The #StopRansomware Guide from the Cybersecurity and Infrastructure Security (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the MS-ISAC (Multi-State Information Sharing & Analysis Center) is a great place to start. Updated in May 2023, this joint #StopRansomware Guide includes industry best practices and a response checklist that can serve as an addendum to organization cyber incident response plans specific to ransomware and data extortion. 

The U.S. Secret Service provides a guide that describes what actions organizations should take to cultivate an understanding of the technological and regulatory limitations, responsibilities, and resources available to them, and how to apply the acquired knowledge to their operations.

NIST's CSF Ransomware Profile can be applied to organizations using or looking to use the NIST Cybersecurity Framework.

We invite you to click on icons below to find additional Ransomware-related information and resources. These resources are designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. We also encourage you to take a look at some of the other resources made available by interagency partners, namely NIST at the Department of Commerce, as well as the National Cyber Investigative Joint Task Force.