NIST Publishes Ransomware Guidance

The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks. 

The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. 

NIST’s Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can also help any organization seeking to implement a risk management framework that deals with ransomware threats. 

Included in the Ransomware Profile are steps organizations can follow to identify and prioritize opportunities for improving their ransomware resistance. Users will learn how to prevent ransomware attacks and how to manage ransomware risk effectively.

Basic measures mentioned in the guidance include keeping computers fully patched, using antivirus software, blocking access to known ransomware sites, and only permitting authorized apps to be used. 

Organizations are also advised to ensure scans are automatically conducted on emails and flash drives, to restrict the use of personally owned devices, to limit the use of accounts with administrative privileges, and to avoid the use of personal apps.

Another defensive tactic against ransomware that the guidance advocates is conducting security awareness training to educate employees about the dangers of opening files sent from unknown sources or clicking on links. 

NIST says planning ahead will help organizations that do succumb to ransomware to recover faster. It advises creating an incident recovery plan, implementing a comprehensive backup and restoration strategy, and maintaining an up-to-date list of internal and external ransomware attack contacts.

NIST intends for the new draft guidance to be used in conjunction with the NIST Cybersecurity Framework, other NIST guidance, and guidance issued by the Department of Homeland Security and the Federal Bureau of Investigation.

Those who wish to comment on the new draft Ransomware Profile have until July 9 to send their feedback to the Institute. A revised copy will then be released and a second commentary period held before a final document is published.
