Proactive Measures to Mitigate the Threat of Ransomware
Ransomware attacks have become increasingly sophisticated and pose a significant risk to businesses of all sizes across industries. These attacks can disrupt operations, compromise sensitive data and lead to financial and reputational losses. Working together we can collectively strengthen our resilience to such attacks and minimize their impact.
To ensure the continued security and stability of our supply chain, we are proactively sharing crucial prevention and response information about the rising threat of ransomware.
What is Ransomware?
Ransomware is an ever-evolving form of malware designed to encrypt files on a device or network, rendering them, and the systems that rely on them, unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.
Prevention Measures with National Institute of Standards and Technology (NIST) Reference
- Regular Security Updates: Ensure that all operating systems and applications are up to date with the latest security patches.
- Email Security: Be cautious of suspicious emails, especially those with unexpected attachments or links. Never open attachments or click links from unknown senders.
- Employee Training: Educate your workforce about the dangers of phishing emails. If possible, implement a phishing testing program in your company.
- Backup Strategy: Regularly back up critical data and store backups in a secure location. Test the restoration process to ensure backups are reliable.
- Access Control: Implement the “principle of least privilege”, granting employees access only to the systems and data necessary for their roles. Additionally, implement multi-factor authentication where technically feasible and especially on public/internet facing systems.
- Incident Response Plan: Create, maintain and regularly exercise a cyber incident response plan and associated communications plan that includes response and notification procedures for ransomware and data extortion/breach incidents. Ensure hard copies of the plan are available.
- Consider an Endpoint Detection and Response (EDR) Solution: EDR tools are designed to detect, investigate and mitigate advanced threats and attacks on endpoints within an organization’s network. EDR solutions provide an additional layer of security beyond traditional antivirus software by focusing on detecting and responding to more sophisticated and targeted threats.
- More tips can be found at Cybersecurity and Infrastructure Security Agency (CISA) #stopransomware
Subcontractors supporting Lockheed Martin’s Department of Defense (DOD) prime contracts that store, transmit and/or process controlled unclassified information (CUI) have an obligation to report (within 72 hours) cyber incidents to https://dibnet.dod.mil/portal/intranet/ as part of their DFARS 252.204-7012 compliance. Lockheed Martin further requires subcontractors to report incidents to their primary contract points of contact within 72 hours of discovery and strongly encourages engagement with your local FBI field office.
Securing the defense industrial base is a team sport. Consider joining the National Defense Information Sharing and Analysis Center (ND-ISAC) to better understand latest threats.
- ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DOD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity and a trusted partner providing exceptional technical solutions and support to its members. Email Info@NDISAC.org to contact the team or see ND-ISAC’s public facing website at www.ndisac.org.
Readiness and collaboration are key to safeguarding our businesses and supply chain against ransomware threats.