
CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

Defend Today, Secure Tomorrow Campaign Overview

David Stern
October 15, 2020

Ransomware

What is it?
designed to make data or hardware inaccessible to the victim until a ransom is paid.

Examples
• CryptoLocker
• Winlock
• CryptoWall
• Reveton
• Bad Rabbit
• Crysis
• WannaCry

Why should you care?
• Often downloaded as malicious links
• Damage to both financial stability and reputation
• No guarantee that you will get your data back, even if you pay
• Often used as a decoy for other malicious activity

Malware

What is it?
Any software intended to…
• Damage
• Disable
• Or give someone unauthorized access to your or other -connected device

Examples
• Ransomware
• Adware
• Rootkits
• Spyware
• Viruses
• Worms

Why should you care?
• Most begins with some sort of malware. You, your family, and your personal information are almost certainly at risk if malware finds its way onto your computer or devices.

Cyber Threats of Today

• Ransomware
  • WannaCry
  • REvil/Sodinokibi (targeting MSPs)
  • (targeting medical, education, SLTT)
  • Robinhood, Maze, Fobos, CovidLock, CryptoLocker, , Pysa, VoidCrypt…

• malware
  • [Remote Access Trojans] Trickbot, , LokiBot
  • [wiperware] NotPetya

• Threats to External Dependencies
  • 3rd party vendors, service providers, infrastructure providers
  • Supply chain

Cyber Attacks: Step-By-Step

[Figure labels: Remote worker/distance learning; Establish foothold, maintain presence, escalate permissions]

Would This Email Fool You?

From: [email protected]
Subject: Response Required ASAP– Covid-19 Preparedness

Covid-19 Prepardness

Tom,

Due to the ongoing corona virus outbreak, “Your Company Name” is actively taking safety precations by instituting a Comunicable Disease Management Policy. The policy is a part of our organizatinal preparedness, and we require all employees to read and acknowledge the policy by the end of the day.

Also we are currenting collecting donations for frontline workers here.

www.fakewebsite.com/gotcha.exe
Click or tap to follow link.

Sincerely Yours,
BossMann


Protective Measures - 1

IT Security Professionals and Leadership - The Essentials

• Inventory all technology and information assets
• Deploy antivirus on all servers and workstations
• Back up data regularly
• Implement good patch management practices
• Implement strong user management practices
• Have a plan for responding to cyber incidents
• Develop and strengthen situational awareness
• Implement a secure network architecture
• Implement innovative security awareness training
• Conduct internal audits and periodic cyber assessments

Protective Measures - 2

Organizational Leaders

• Know business risks and treat cyber as a business risk, to operations and to supply chains

• Foster a culture of operational resilience and cyber readiness

• Incorporate cybersecurity as a part of business strategy, including all external relationships

• Build a network of trusted relationships with sector partners and government agencies for access to timely cyber threat information, incident reporting, and response coordination

End Users

• Participate in security awareness training and have an awareness of the threats

• Be aware of your digital footprint and know the end-user security features available to you

• Know the data backup options available and ensure locally stored data is backed up

• Be vigilant, accountable, and report incidents and suspicious activity immediately

CISA Ransomware Resources

CISA.gov/ransomware

• Ransomware Guide
• CISA INSIGHTS: Ransomware Outbreak
• NEW! Toolkit, fact sheet, and images
• Alerts and Statements
  • US-CERT activity alerts on ransomware threats
  • Joint statements on ransomware with our partners
• Guides and Services
  • Cyber Hygiene Services
  • TTX Exercises
• Factsheets and Infographics
  • Protect Your Center From Ransomware poster
  • Ransomware: What It Is and What To Do About It
• Training and Webinars
  • Trends and Predictions in Ransomware (Cyber Summit 2020)
  • CDM Training
  • Incident Response Training Series
  • Combating Ransomware Webinar

Cyber Incident Reporting

When to Report:

If there is a suspected or confirmed cyber attack or incident that:

• Affects core government or critical infrastructure functions;
• Results in the loss of data, system availability, or control of systems;
• Indicates malicious software is present on critical systems


No-Cost CISA Cybersecurity Services

• Preparedness Activities
  • Cybersecurity Assessments
  • Cybersecurity Training and Awareness
  • Cyber Exercises and “Playbooks”
  • Information / Threat Indicator Sharing
  • National Cyber Awareness System
  • Vulnerability Notes Database
  • Information Products and Recommended Practices

• Response Assistance
  • 24/7 Response assistance and malware analysis
  • Incident Coordination
  • Threat intelligence and information sharing

• Cybersecurity Advisors – Regionally deployed advisors
  • Incident response coordination
  • Public Private Partnership Development
  • Advisory assistance and cybersecurity assessments

CISA Contact Information

Benjamin Gilbert, CISSP, CRISC, CEH
Cybersecurity Advisor, CISA Region III
[email protected]
[email protected]

CISA URL: https://www.cisa.gov

To Report a Cyber Incident to CISA
• Call 1-888-282-0870
• Email [email protected]
• Visit https://www.cisa.gov