Protect Your Network
Network infrastructure underpins and enables a variety of functions necessary to the successful conduct of elections. These may include election infrastructure networks that store, host, or process voter registration information and tools, public election websites, and voter lookup, as well as other state and local business functions that may or may not be connected to election networks. Malicious actors often target election networks using known vulnerabilities. If malicious actors gain access to a network, they could potentially leverage that access to undermine the security of the elections process or interfere with election administration. Because election systems are often connected to other state and local government networks, the compromise of those networks could also enable a threat actor to leverage their access to potentially impact the elections process.
Threats to Networks and How to Protect Against Them
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. These resources are designed to help individuals and organizations prevent incidents that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.
Use these resources to mitigate ransomware:
- Election Infrastructure Cybersecurity Readiness and Resilience Checklist - This checklist provides a series of questions to guide the decision-making necessary to prepare for potential cybersecurity incidents.
- Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting - This PSA informs the public that while ransomware attacks against state or local government networks or election infrastructure could cause localized delays, they will not compromise the security or accuracy of vote casting or counting processes.
- Cyber Hygiene Vulnerability Scanning - Know what vulnerabilities bad actors can see about your organization’s internet-facing systems. Sign up for CISA’s free cyber hygiene vulnerability scanning.
- Endpoint Security Services (ESS) - A free service to EI-ISAC members, ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.
- Stop Ransomware - The U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.
- Albert Intrusion Detection System - 24x7x365 managed and monitored intrusion detection system (IDS) built to detect cyber threats on state, local, tribal, and territorial (SLTT) government networks.
Business email compromise occurs when a malicious actor sends an email that appears to come from a trusted contact or organization (such as a colleague or a vendor), usually either by using unauthorized network access to take over a legitimate email account or by using a spoofed version of a legitimate email account. This can include a malicious actor using network access to send an email from official accounts. For example, a malicious actor could send out mass emails from an actual election official’s email account to spread malware to other accounts or to convince a recipient to take a certain action.
Use these resources to mitigate the exploitation of business email compromise:
- Multi-factor authentication (MFA) - This fact sheet provides an overview of MFA and explains how to implement a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.
- Malicious Domain Blocking and Reporting (MDBR) - A free service offered to EI-ISAC members, this quick-to-configure and easy-to-deploy cloud-based secure DNS service prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats.
- Endpoint Security Services (ESS) - A free service to EI-ISAC members, ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.
Networks face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious incidents are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems. For elections, malicious actors could look to gain network access to compromise or manipulate information, such as voter registration data. Often malicious actors will look to exploit known vulnerabilities to gain network access.
Use these resources to mitigate the exploitation of known network vulnerabilities:
- Known Exploited Vulnerabilities (KEV) Catalog - To help organizations better manage vulnerabilities and keep pace with threat activity, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
- Cyber Hygiene Vulnerability Scanning - Know what vulnerabilities bad actors can see about your organization’s internet-facing systems. Sign up for CISA’s free cyber hygiene vulnerability scanning.
- Endpoint Security Services (ESS) - A free service to EI-ISAC members, ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.
- Albert Intrusion Detection System - 24x7x365 managed and monitored IDS built to detect cyber threats on state, local, tribal, and territorial (SLTT) government networks.