Ransomware

CISA Gets Proactive With New Pre-Ransomware Alerts

CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks.

Ionut Arghire

March 24, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced a new initiative to alert organizations of early-stage ransomware attacks.

Since the start of the year, the agency has notified more than 60 organizations in the energy, education, healthcare, water/wastewater, and other sectors. Many of these organizations were able to mitigate the attack before data was encrypted and exfiltrated.

A proactive cyber defense capability, pre-ransomware notifications are meant to warn organizations that they were breached, so that they can evict threat actors from their networks before file-encrypting ransomware is deployed.

“We know that ransomware actors often take some time after gaining initial access to a target before encrypting or stealing information, a window of time that often lasts from hours to days. This window gives us time to warn organizations that ransomware actors have gained initial access to their networks,” Joint Cyber Defense Collaborative (JCDC) associate director Clayton Romans notes.

By taking immediate action when receiving an early warning, organizations can reduce potential data loss, avoid impact on operations, and reduce financial impact and other detrimental consequences.

The notifications, Romans says, are sent based on tips received from the cybersecurity research community, threat intelligence companies, and infrastructure providers. Once a tip is received, CISA’s field personnel notifies the victim organization and provides it with mitigation instructions.

If the victim is an entity outside the US, CISA works with international CERT partners to deliver the notification.

“In cases where ransomware actors have already encrypted a network and are holding data and systems for ransom, JCDC works closely with the victim organizations to provide threat actor tactics, techniques, and procedures (TTPs) as well as guidance to help reduce the impact of an attack,” Romans explains.

Advertisement. Scroll to continue reading.

CISA urges organizations to report observed ransomware attacks, including indicators of compromise and TTPs, to help prepare mitigation guidance for future attacks.

Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)