Dive Brief:
- Federal cyber authorities shared early, promising results last week of a pre-ransomware notification initiative designed to quickly alert organizations of intrusions before ransomware actors encrypt or steal data.
- The Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative pulls in tips from cybersecurity researchers, infrastructure providers and threat intelligence firms to notify victim organizations of early-stage ransomware activity, JCDC Associate Director Clayton Romans said Thursday in a blog post.
- Authorities have notified 60 entities across multiple critical infrastructure sectors of potential pre-ransomware intrusions since the beginning of the year. Many identified and remediated the intrusion before encryption or exfiltration occurred, Romans said.
Dive Insight:
Early warnings about malicious activity can bolster an organization’s ability to significantly limit the impact of a ransomware attack, said Chester Wisniewski, field CTO of applied research at Sophos.
When organizations take action in the early stages of a threat actor’s intrusion, more often than not, they are able to prevent the ransomware attack and data exfiltration, Wisniewski said.
This window of opportunity, when a ransomware actor has gained access but has yet to encrypt or steal data, typically lasts hours to days, according to CISA.
CISA emphasized the important role the private sector plays in sharing indicators of compromise, and encouraged all organizations and individuals to report malicious activity so it can notify potential victims quickly.
While ransomware notifications can help, they’re only effective if organizations trust the warning and take swift and appropriate action, Wisniewski said. Many organizations don’t take early-stage warnings seriously until it’s too late, he said.
Post-breach notifications from CISA often arrive too late, but timing is crucial: if an intrusion is caught early enough, organizations can limit the extent of the damage an attack causes.
“One, it can’t hurt. Two, it’s likely to prevent some attacks and that’s fantastic,” Wisniewski said. “But is it going to make a real dent in the ransomware problem? Probably not.”