"Getting Ahead of the Ransomware Epidemic: CISA's Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs"
The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) recently launched a significant initiative to help organizations fix vulnerabilities targeted by ransomware actors more quickly. CISA has now announced the "Pre-Ransomware Notification Initiative," a related effort already reducing the damage caused by ransomware attacks. This effort is coordinated as part of CISA's interagency Joint Ransomware Task Force. After gaining initial access to a target, ransomware actors typically wait before encrypting or stealing data, a window that usually lasts from hours to days. This window allows CISA to warn organizations that ransomware actors have gained network access. These early warnings can help victims safely remove ransomware actors from their networks before they can encrypt and hold critical data and systems for ransom. This work relies on two crucial components. First, CISA's Joint Cyber Defense Collaborative (JCDC) receives ransomware activity tips from the cybersecurity research community, infrastructure providers, and cyber threat intelligence organizations. Every company or individual with information on ransomware activity in its early stages is asked to contact CISA. As soon as CISA gets a notification, its field personnel across the country alert the victim organization and provide guidance on mitigation. When a tip pertains to a non-US company, CISA collaborates with its international CERT partners to ensure prompt notification. This article continues to discuss CISA's Pre-Ransomware Notification Initiative.