#StopRansomware Guide

by

Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful and have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as “double extortion.” In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion without employing ransomware.

These ransomware and associated data breach incidents can severely impact business processes by leaving organizations unable to access necessary data to operate and deliver mission critical services. The economic and reputational impacts of ransomware and data extortion have proven challenging and costly for organizations of all sizes throughout the initial disruption and, at times, extended recovery.

This guide was developed through the U.S. Joint Ransomware Task Force (JRTF).

The JRTF, co-chaired by CISA and FBI, is an interagency, collaborative effort to combat the growing threat of ransomware attacks. The JRTF was launched in response to a series of high-profile ransomware attacks on U.S. critical infrastructure and government agencies.

The JRTF:

  1. Coordinates and streamlines the U.S. Government’s response to ransomware attacks and facilitates information sharing and collaboration between government agencies and private sector partners.
  2. Ensures operational coordination for activities such as developing and sharing best practices for preventing and responding to ransomware attacks, conducting joint investigations and operations against ransomware threat actors, and providing guidance and resources to organizations that have been victimized by ransomware.
  3. Represents a significant step forward in enabling unity of effort across the U.S Government’s efforts to address the growing threat of ransomware attacks.
    For more info on JRTF, see https://www.cisa.gov/joint-ransomware-task-force