CISA Tool Helps Measure Readiness to Thwart Ransomware
Tool Designed to Gauge Whether Organizations Have Adequate Defense, Recovery Measures
The U.S. Cybersecurity and Infrastructure Security Agency has released a Ransomware Readiness Assessment audit tool to help organizations size up their ability to defend against and recover from attacks.
The tool expands the agency's broader Cyber Security Evaluation Tool, which guides network defenders through the process of evaluating their security practices. That platform enables users to perform a comprehensive evaluation of their cybersecurity posture using government and industry standards and recommendations.
The new Ransomware Readiness Assessment is based on a tiered set of practices to help organizations gauge whether they are equipped to defend against and recover from a ransomware incident. It's designed for use by organizations at all levels of cybersecurity maturity, the agency says.
The new tool:
- Helps organizations measure ransomware attack preparedness using "recognized standards and best practice recommendations" in a "systematic, disciplined and repeatable manner";
- Offers a guide to evaluating operational technology and information technology network practices;
- Provides an analysis dashboard with graphs and tables that present the assessment results, via a summary and a detailed report.
In April, CISA released Aviary, a dashboard that helps visualize and analyze outputs from its detection tool, Sparrow. The detection tool, released in December 2020, enables network defenders to detect possible compromised accounts and applications in Azure/Microsoft 365 environments. The tool was created to support hunts for threat activity in the aftermath of the SolarWinds supply chain attack.
In March, the agency also released the CISA Hunt and Incident Response Program, a forensics collection tool designed to help network defenders find indicators of compromise by scanning for signs of APT compromise within an on-premises environment.
Ransomware activity is surging globally in 2021. Among the most recent incidents was the Colonial Pipeline Co. attack, which led the company to temporarily shut down its major pipeline serving the East Coast (see: FBI: DarkSide Ransomware Used in Colonial Pipeline Attack).
A recent report from the security firm BlackFog documented 31 ransomware attacks in April, compared to 12 in the same month a year earlier.
A blockchain analysis from compliance and investigation firm Chainalysis says some $406 million in ransoms was paid to attackers in 2020. As of mid-May, some $81 million worth of ransoms had been paid to ransomware gangs so far this year, Chainalysis says.