The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs.
The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks.
The principle behind the initiative is simple, ransomware actors initially gain access to the target organization, then they take some time before stealing or encrypting data. The time-lapse between initial access to a network and the encryption of the systems can last from hours to days.
Being able to notify the victims in this time window can help them to limit the damages caused by the ransomware attack.
“This window gives us time to warn organizations that ransomware actors have gained initial access to their networks.” reads the announcement made by the Us agency. “These early warnings can enable victims to safely evict the ransomware actors from their networks before the actors have a chance to encrypt and hold critical data and systems at ransom. Early warning notifications can significantly reduce potential loss of data, impact on operations, financial ramifications, and other detrimental consequences of ransomware deployment.”
The CISA Joint Cyber Defense Collaborative (JCDC) collects information about potential early-stage ransomware activity from multiple sources, including the research community, infrastructure providers, and cyber threat intelligence firms.
Then the field personnel across the country notify the victim organization and provide specific mitigation guidance. The agency will also provide notification to organizations outside of the United States through its international CERT