After several months of disruptive and headline-making ransomware attacks on large businesses in the United States, the DHS' Cybersecurity and Infrastructure Security Agency (CISA) has released a list of recommendations for preventing and responding to these kinds of incidents.
The fact sheet, titled "Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches," includes several suggestions such as maintaining offline, encrypted backups and implementing a basic incident response and communications plan. The document also urges readers not to pay a ransom if hit with an attack.
"CISA strongly discourages paying a ransom to criminal actors," the sheet reads. "Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered."