Don’t Wake Up to a Ransomware Attack

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Applause] good morning everyone my name is jake zadskin i'll be your facilitator this morning as well as moderating our chat panel for any questions that may come up during our webinar i'm joined by my colleague joe goodwin who will be walking us through our material today so welcome to investigate mitigate and respond 101 don't wake up to a ransomware attack so joe it sounds like we're talking about ransomware today correct uh good morning everybody so a successful ransomware attacks have the potential to completely paralyze business and government network operations steal data and force victims into a choice between either paying off their attackers or or losing their data forever so this webinar is designed to help you understand uh ransomware attacks and provide steps that individuals and organizations can take to reduce that risk of attack to mitigate the potential damage and to respond effectively if a ransomware attack does occur okay joe but uh so what about ransomware can we expect to learn over the next hour in this overview we'll cover the essential information you need to protect yourself and your organization using the identify mitigate recover framework so first we'll identify the signs of an attack and methods of the infection mitigate the threat through proper cyber hygiene and incident response planning and response and recovery according to your plan in the second half of the course we'll apply this framework to some real world case studies of documented ransomware attacks as we dive in let's so let's start by looking at some numbers that illustrate how destructive uh these potential attacks could be ransomware attacks cost businesses more than 7.5 billion dollars per year with the fbi reporting ransom payments alone totaling around one billion dollars recovering from ransomware attacks cost businesses over 84 000 on average and the rate of these attacks are increasing the cyber security company mcafee reports a 56 percent growth in ransomware activity between 2018 and 2019. ransomware makes up a significant share of global cyber crime which are estimated to grow beyond six trillion dollars by 2021. so joe that sounds like a significant uptick and it sounds like ransomware causes a lot of damage but what is it exactly so we'll start with the basics on ransomware what it is and then get some of the more specifics so ransomware is a type of malicious software otherwise known as a malware that's designed to block legitimate users access to a computer system or their data through encryption until a ransom is paid this typically spreads through phishing emails or by victims unknowingly visited an infected website ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen ransom note alert typically these alerts state that the system has been locked or that the computer or network's files have been encrypted the users are told that unless a ransom is paid the files will be lost forever the ransom demanded from individuals varies a lot but is generally in the hundreds of dollars and usually must be paid in virtual currency such as bitcoin ransomware is one of the most significant cyber security risks playing out across our nation's networks many attacks go unreported and ransoms are paid as an attempt to just make the problems go away quickly so that business can resume however this rewards cyber criminals and simply perpetuates the vicious ransomware cycle ransomware must be considered a destructive attack and addressed as if it were a physical attack upon your organization or your facilities so let's look at a very brief history of ransomware the first reported ransomware attack was a virus created by an evolutionary biologist named joseph popp in 1989. the age trojan was disseminated via a floppy disk given to over 20 000 attendees of the world health organization's aid conference the discs were labeled quote aids information introductory diskettes the program would hide file directories and encrypt or lock the file names to regain access the users would have to send 189 dollars to pc cyborg corporation at a po box in panama the age trojan was easy to overcome as it used simple symmetric cryptography and tools that were soon available to decrypt the fi and tools were soon available to decrypt those those files seven years later in 96 researchers introduced a proof of concept for the kidnapping of data utilizing public key cryptography then in the late 2000s i saw a boom in ransomware technology with advanced encryption followed by the introduction of bitcoin ransom demands in 2013 and then attacks designed for data destruction in 2017. more alarming ransomware variants began to target widespread vulnerabilities based on hardware and software products such as the wannacry ransomware outbreak that used the infamous windows eternal blue exploit to infect hundreds of thousands of computers and networks in hundreds of countries joe that's that's actually really interesting especially about the age trojan my wife went to an eu conference for setting their digital agenda in 2010 and she was laughing afterwards telling me about how they gave out unsecured jump drives to everyone with the slides from the conference and she kept saying that nobody attending that conference would ever put something like that into their machines and now i guess i understand what you meant absolutely we've come a long way in awareness of of uh our cyber hygiene um in situations like that so while there are now a multitude of ransomware variants generally speaking ransomware follows a consistent pattern it infects your system it encrypts your data and then it extorts you for payment to undo the infection ransomware is often spread by victims opening phishing emails as stated earlier that contain malicious attachments or through drive-by downloading drive-by-downloading occurs when a user unknowingly visits an infected website where malware is downloaded and installed without the user's knowledge once introduced in your system the malware can do a variety of things it can lock access to your computer or mobile devices preventing you from going past the login screen it can block network access preventing an organization's employees from accessing enterprise files and applications and compromising the network's data it can also simply block access to specific files within the directory on your standalone computer attackers will then prompt you to make payment typically in virtual currency in order to unlock your system and get you back to normal ops some threat actors threaten to sell the stolen data unless ransom is paid however paying ransom is discouraged as it only incentivizes more bad behavior and in many cases the systems are not decrypted when the with the attackers only asking for more money so who's susceptible every individual every company every agency who uses a computer or mobile device that touches the internet is vulnerable to a ransomware attack anyone with important data stored on the computer is at risk including government and law enforcement agencies healthcare systems and other critical infrastructure recovery can be difficult process requiring the services of a reputable data recovery specialist and some victims do pay a ransom to recover their files however as stated before it can't be emphasized enough that there's no guarantee the individuals will recover their files if they pay so not only targets individual users but targets is business as well with the goal of extorting larger payouts the common consequences to businesses that fall victim include losses sensitive or proprietary information disruption to their operations financial losses incurred from loss of business operations and the cost to restore the systems and aren't simply harmed to an organization's reputation the most commonly targeted sectors are starting with the most targeted education federal state local government agencies health care energy and utilities retail and finance just for some context on the economic impact that these sectors represent the top three sectors education government and health care make up over 20 percent of the 2018 u.s gross domestic product regarding healthcare i'd like to bring up two recent cases that are relevant to our topic today so first there's a fortune 500 company with with over 90 000 employees that's been impacted by a cyber incident the company provided no details about the incident but people posting to an online reddit forum who identified themselves as employees said that the the change network was hit by a ransomware attack overnight this past sunday this uh echoed the alarm of a clinician at one of the hospital facilities in washington d.c who described to the associated press as quoting a mad scramble including anxiety over determining which patients might be infected with the virus that causes cova 19. there was a senior cyber security advisor to the american hospital association that added that criminals have been increasingly targeting the networks of healthcare institutions during the coronavirus pandemic that is still ongoing the other case earlier this month this is significant the first known fatality related to ransomware occurred in dusseldorf germany after an attack caused i.t systems to fail any critically ill patient needing urgent admission died after she had to be taken to another city for treatment wow and with that it is time for two quick questions for you all um first have you personally been the victim of a ransomware attack and has your organization been the victim of a ransomware attack so we have our pulling pods up so if you can go ahead and provide your inputs we'd kind of like to get the uh the pulse of the audience to see who has been victims and we're seeing that um this is good a lot of folks have have no personal experience or business experience with ransomware but we do see some folks um their organization has been a victim good to see that nobody specifically purposely personally has been has been impacted put a lot of results in good that's an encouraging result that um for our audience that we have now that there hasn't been a ton of experience with with ransomware attacks either on the personal or business level great we will continue on so looking at the signs of ransomware while the the attacks are serious they are also pretty easy to identify the typical signs are one your web browser or desktop is locked with a message telling you how to pay to unlock your system your file directories could also contain a ransom note file that is usually a a dot txt file or secondly all your files have a new atypical file extension appended to the file names examples of these extensions are are abc dot xx dot crypto or even um we've seen dot omg exclamation point third the ransomware screens often display intimidating messages authors of ransomware benefit from instilling fear and panic into their victims to make them more likely to pay the ransom or click on a link that exposes the user's system to infection examples of these messages include things like saying your computer has been infected with a virus click here to resolve the issue or it could say your computer was used to visit websites with illegal content to unlock your computer you must pay a 100 fine or the message would say all the files on your computer have been encrypted you must pay this ransom within 72 hours to regain access to your data i think we can all hear how alarming this is but what can we do about it so great question ciz has put has created an inside stock that lays out some great prevention and mitigation steps so we'll go over what uh some of those are here so this is through the insi scissor insights cyber insight series the guidelines can help everyone to avoid becoming that next ransomware victim an organization should take responsibility to ensure that i.t staff and management and organizational leadership are all working together to follow these best practices so some actions for today making sure that you're not tomorrow's headline number one back up your data back up your data back up your data this includes system images configurations and keep those backups offline it cannot be understated how important it is to maintain backups of your files that way if attackers lock up your data you can easily revert to the backup files and not worry about losing whatever was encrypted however you must keep backup copies off of your network and test them before reinstalling to ensure they have not been infected by the malware otherwise you may simply be restoring your system with the ransomware still on it for organizations with especially critical or sensitive data it's recommended to secure quote weapons grade system backups that is backup stored in a secure location disconnected from internet access and shielded from physical disactors or emp interference second is to update and patch systems commonly known as patch management this ensures critical vulnerabilities have been identified that they are mitigated three is make making sure your security solutions and processes are up to date as with patch management ensure your security solutions are patched and updated to mitigate the known vulnerabilities four is review and practice your incident response plan at least annually if you don't have a plan create one ensure your organization keeps it up to date and tests it so everyone knows their roles the responsibilities and the processes that ensure effective incident response last but not least pay attention to global ransomware events and apply lessons learned from others experiences as just stated attacks are happening everywhere and often all the time sometimes the best defense is learning from somebody else's mistakes so maintain that situational awareness to stay ahead of the hackers some actions to recover if impacted ask for help contact cisa fbi secret service or local law enforcement they can bring the resources to bear and provide the expert guidance on on specific attack types which they may well have encountered already second work with experienced cyber security advisors to help in your response and recovery ideally identify these advisors in your response plan before an incident occurs so you don't lose time once you're facing the attack isolate the affected machines and systems to prevent the infection from scaling and phase your return to operations to ensure systems are working as expected review the connections of any business partners that touch your network including customers partners and vendors to identify any upstream or downstream viral impacts and lastly apply apply business impact assessment findings to prioritize a recovery this essentially examines the interdependencies surrounding your business and informs which aspects are most critical in order to effectively triage those recovery efforts so some actions to secure your environment going forward practice good cyber hygiene that's backups update patches whitelist applications limit privileges and use multi-factor authentication to segment your networks it's making it hard for the bad guy to move around and affect multiple systems develop network containment strategies so if the bad guys get in make it hard for them to get stuff out of it know your system's baseline for recovery this uh is including your recovery point objective which informs how often you should back up systems the recovery time objective which informs how much time you have to respond to an incident before continuing continuity of business is significantly impacted and then lastly review disaster recovery procedures with executives and validate those goals the us government provides a response framework in an interagency technical guidance document titled how to protect your networks from ransomware the summary of key ransomware best responses includes the following one isolate the infected computer immediately infected system should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives isolate or power off effective devices that have not yet been completely corrupted this may afford more time to clean and recover data contain the damage and prevent conditions from worsening immediately secure that backup data or systems by taking them offline if they're not already offline ensure that backups are free of malware contact law enforcement immediately you're strongly encouraged to contact local field office of the fbi or the u.s secret service immediately upon discovery to report a ransomware event and request their assistance if available collect and secure partial portions of the ransom data that might exist through backups and if possible change all online account passwords and network passwords after removing the system from the network additionally change all system passwords once the malware is removed and then lastly delete registry values and files to stop an infected program from loading in terms of recovery it can be a difficult process that may require the services of a reputable data recovery specialist some victims do pay to recover their files however us government does not encourage paying a ransom to criminal actors and there are serious risks to weigh before paying consider the following factors paying a ransom does not guarantee an organization will regain access to their data in fact some individuals were never provided decryption keys after paying the ransom some victims who paid the demand were targeted again by cyber actors after paying the originally demanded ransom some victims were asked to pay more to get the promised decryption king most notably paying encourages this criminal business model and incentivizes the growth of these attacks so if your organization is attacked implement your security incident response and business continuity plans ideally organizations will ensure they have appropriate backup procedures so their response to an attack will simply be to restore the data from a known clean backup secure network backups eliminate the need to pay a ransom to recover data thanks joe now that we've gone over the basics of ransomware let's pivot to look at a few real world examples of ransomware attacks look at three different scenarios to understand their impacts what each organization did to respond and how they were able to recover and prevent future attacks first is a large global logistics company then an attack on a major us newspaper and finally an attack against a large u.s city so joe can you walk us through those absolutely we'll do so let's uh let's look at first which is the global logistics company they got caught up in one of the biggest ransomware attacks to date in june of 2017 a major shipping corporation was hit with a ransomware attack that brought their normal operations to its knees for nearly 10 days the company was not the direct target of the attack but was simply collateral damage in an attack designed by foreign state actors tarting targeting another state in this case specifically it was russia versus the ukraine so what was the threat and how did this company become a victim the malicious software was called not petya it gained entry into the company's network through accounting software called me doc this is ukraine's equivalent to turbotax or quicken in fact not petty gained entry and compromised over 80 percent of ukrainian businesses through the same accounting platform russian military hackers hijacked me dot medoc which is the the accounting software they hijacked their update servers to access a hidden backdoor into thousands of pcs that had the software installed so not petya used two exploits working in tandem eternal blue and mimikats eternal blue which was created by the national security agency but later leaked by a hacker group takes advantage of a vulnerability in a particular windows protocol it's allowing hackers to remotely run their code on any unpatched machine this vulnerability was exploitable for a year from night from march of 2016 to march of 2017 and was also exploited by the wannacry malware mimikatz developed as a proof of concept could pull windows users password out of ram and use them to hack into other machines accessible with the same credentials prior to notpetya microsoft had released a patch for the eternal blue vulnerability however given the combination of eternal blue and mimikats attackers could infect computers that were not patched and then steal those passwords from those machines to infect the patched computers while not petya presented itself as ransomware its goal was purely destructive something known as whiteware and it irreversibly encrypted computers master boot records software at gate terminals went dead at the shipping company effectively paralyzing their shipping operations at terminals across the globe corporate losses soared beyond 300 million dollars even with the company reverting back to manual processes over the course of the attack and the recovery this figure doesn't even consider the downstream effects um to other businesses dependent upon that global logistics company with that company um within the company alone the malware compromised 50 000 endpoints and thousands of applications across servers and servers across 600 sites in over 130 countries the white house has estimated total damages of over 10 billion dollars across all of not petya's victims wow ten billion dollars that is an incredible amount of financial loss are criminals like this ever caught uh generally no uh as many times there may be nation states that are identified sometimes the groups are identified but many times the actual individuals are are not caught it depends on the attack type so how was this attack identified there were messages on user screens in red and black lettering that read either quote repairing file system on c or it would say oops your important files are encrypted it then demanded 300 worth of bitcoin in order to decrypt the files some of the infected computers spontaneously restarted and in seven minutes not petya infected the entire network of the global shipping giant so how is this mitigated employees scrambled to turn off computers or disconnect them from the network resorting to manually unplugging machines to remove them from the network the company's entire global network was disconnected within two hours of the initial indications of the attack now it should be noted that while no specific number has been reported it's safe to assume that a fair portion of that two hours was spent sharing information and simply getting the word out this aspect of the immediate incident response is still being addressed in the cyber security industry in terms of recovery this relied heavily on human resilience it turns out that openness and transparency was critical to effective recovery the company converted two floors of their building in a 24 7 emergency operations center in order to rebuild the company's global network a consultant staff of 200 people was hired to manage the operations along 400 of the corporate staff who went into every electronics store in the area to buy piles of new laptops and wi-fi hotspots the it staff located backups of almost all of the individual servers dating from between three to seven days prior to not petya's onset but no one could find a backup for one crucial layer of the company's network which was its domain controllers these are the servers that function as a detailed map of the corporate network and set the basic rules that determine which users are allowed to access which systems so after a frantic global search for this the admins finally found one single surviving domain controller backup in a remote office in ghana now by chance this had been knocked offline by a power outage pure coincidence therefore it remained disconnected from the network during the attack so one staffer from the ghana office flew to meet another employee um and in the airport they did the handoff of the very precious hard drive that staffer then boarded six and a half hour flight back to heathrow carrying this keystone to the entire recovery process so about two weeks after the attack the network had finally reached a point where the company could begin reissuing personal computers to most of their staff they lined up computers on dining tables as help desk staff walk down the roads inserting usb drives and clicking through prompts for hours to set up the computers it did take just 10 days for the company to rebuild its entire network of 4 000 servers and 45 000 personal computers now the full recovery took far longer some staffers continued to work around the clocks for for the next two months to rebuild uh the entire corporate software setup so in the wake of this attack i.t staffers say they that practically every single security feature that they've asked for has been almost immediately approved not surprising multi-factor authentication has been rolled out um across the company along with a long delayed upgrade to windows 10. okay given the extraordinary difficulties experienced by the response and recovery team in this scenario it does beg the question do your organizations have plans in place in the event of a ransomware attack we'll bring up the module for you out of the gate it looks like a lot of folks do have a plan in place it's fantastic and the numbers number's getting higher that's good clearly ransomware has has been around a while now um and with the emphasis on cyber security uh it's not only encouraging but not surprising to see that so many of you um your organizations do have a plan in place for ransomware phenomenal excellent so we will move on to our next slide so our second case study looks at an attack against a major u.s publishing company in december of 2018 a ransomware attack disrupted the distribution of multiple major newspapers affiliated with the publishing company the attackers responsible used the malware rook in an attack designed to disable infrastructure specifically the publishing company's servers and then shut down production at some publications for a full day the malware is usually dropped into a system by other malware where it gains access to a system using remote desktop services their protocol vulnerabilities once it's inside the network it automatically spreads from computer to computer or node to node encrypting files along the way so rook took advantage of weak privilege management when servers were brought back online to recover from the infection security patches failed to hold and then the ransomware began to reinfect the network servers used for news production and manufacturing processes were infected delaying the production of multiple national newspapers in some cases by a full day which in the newspaper business is catastrophic investigators believe the attack was meant to disable infrastructure not to steal data so how's this attack identified the initial problem appeared to be a server outage that evening however editors were unable to transmit digital files of finished pages of the newspaper to the printing facility they were locked out of the system and forced to perform workarounds when it staff investigated the issue they quickly found that attempting to view the files containing the news content instead showed a ransom note demanding bitcoin in exchange for decrypting the data screenshots of affected company files show a ransom note titled rook read me so how is this attack mitigated once it was identified programmers immediately started working to quarantine the affected systems and reboot servers however some of the patches installed to secure the network did not hold and the ransomware virus began to reinfect the network impacting a series of servers used for news production and manufacturing it took a full day for security staff to shut down patch and then bring the servers back into production clear of the virus in terms of recovery ster staff worked around the clock to get the publishing company's network back up and running within 24 hours however the lost time meant some newspapers affiliated with the publishing company that missed that day's reporting investigation on the incident identified weak privilege management as the core vulnerability that enabled the attack to remediate this security administrators and forced least privileged principles on the network endpoints and ensured credential theft protection to actively shield against the malware and then finally let's look at a scenario that impacted a government agency serving millions of citizens in 2018 a hacking group targeted government agencies and companies across the united states using the ransomware variant commonly known as samsam by the end of that year the fbi had estimated that this group responsible for these attacks have received over six million dollars in ransom payments and they had caused 30 million dollars in total reported damages one of these attacks was against the government of a major u.s city with the perpetrators demanding over fifty thousand dollars in bitcoin to restore services which officials did refuse to pay over one-third of city offices including essential services were seriously impacted for over five days due to the attack so how did this virus infiltrate critical government infrastructure the group used a brute force attack to guess at weak passwords until a match was found and exploited a vulnerability which was unknown to developers at the time in the in the microsoft remote desktop protocol which allows users to uh to control machines remotely due to the architecture of this remote desktop protocol the controls set in place to prevent brute force attacks were not installed hackers escalated privileges to ensure that they had access to encrypt files critical to the city government's business processes resulting in a particularly damaging attack in other words red actors identified weak passwords from a normal user account which were then used to escalate privileges to access highly sensitive files and servers the vulnerabilities exploited were a combination of infrastructure weakness and user error in the form of using weak passwords that were cracked using brute force methods wow so all of this could have been prevented with a strong password and what happened as a result so five of the city's 13 government departments were locked down including law enforcement courts and public utilities police department had to write incident reports by hand contributing to lost time and the likelihood of increased errors the attack forced manual processing of cases at the municipal court and stopped online or in-person payment of tickets water bills and business license and renewals just to name a few years of data meant to be secured in the government network were lost including a great deal of criminal evidence and the police department's dash cam footage archive the city spent over 2.6 million dollars on emergency efforts with some reports claiming the actual costs were much much higher so let's apply the rmr framework one more time to understand what happened in this scenario identification the city's department of information management first saw outages on numerous internal and customer facing applications including online bill pay and court records the it department sent out emails to city employees instructing them to unplug their computers if they observed anything suspicious going on what was done to mitigate the attack the city immediately shut down much of its network to try and control the situation and implemented manual workarounds where possible to continue services finally how did the city recover city officials quickly reached out to the fbi dhs the secret service and experts in the private sector including secureworks microsoft and cisco these partners worked with staff from the city's information management department to identify the threat and its magnitude and to protect the network perimeter however full recovery was not a fast process six months after the attack a third of the city's software and applications remained impacted okay that is really helpful uncle joe um so this concludes the scenario portion of the webinar now we'll finish up today by walking through a quick knowledge check and review some of the core concepts and takeaways from this course we'll cover uh five multiple choice questions when the question is read do you make a note of your answer and afterwards and after a few moments we'll discuss the correct answer so follow along and let's see how you do the first question which describes the typical way ransomware is spread floppy disk sharing passwords phishing emails or using a vpn all right looks like everybody's been paying attention phishing emails 100 and that is great to see so the answer yes is phishing emails a 2016 report showed that 93 percent of all phishing emails contain a ransomware which is pretty astonishing figure excellent so for the next question uh common indicators of a ransomware attack include all of the following except your desktop is locked with a message displaying how to unlock it your files have new file extensions appended to the file names your network is running extremely slow you're prompted with a notification claim your computer has been infected with a virus and you must click to resolve the issue [Applause] so like a lot of folks think that it's c there's a lot of um a lot of bad things in this list that we probably wouldn't want to see but looks like we have most folks responding in the majority are c and that is correct the the nature of ransomware typically means indicators are much more overt extremely lethargic systems system response may be the result of either non-threatening technical issues or some sort of different type of hacking attack next question what measures can you take to help prevent becoming a casualty of ransomware backing up your data updating patcher systems ensure the secure security solutions are up to date or all of the above this audience is hot out of the gate everybody went right to thinking this is all the above everybody's jumping on that one there's no falling people that is correct all of the above as as per this is a recommendation offline data backup patch management and currency of active security solutions are among the most effective ways to prevent or mitigate the impacts of a of a ransomware attack right job which of the following is not a priority during immediate ransomware response isolate infected computers create a ransomware incident response plan secure backup data or systems and contacting law enforcement we have a lot of most folks going with the incident response plan some folks with law enforcement a lot of responses in answer is b so while creating an incident response plan is extremely important it should be completed prior to the attack or in the recovery phase after an attack immediate response should focus on those more tactical activities and finally true or false paying a ransom will ensure that your systems devices and data are decrypted um everybody apparently thinks this one is false and everybody is paying attention answer is false paying the ransom does not guarantee an organization will regain access to their data um in fact as we stated some might pay only have the attackers ask for even more money than originally requested so you're making yourself an easy mark in many cases great so in closing let's remember that ransomware has been continually evolving over 30 years and can impact everybody so in order to avoid being the next statistic here are a few key takeaways from today's presentation one is to practice good cyber hygiene back up your data system images and configurations on a regular basis and keep those backups offline make sure your security solutions are up to date update software and operating systems with the latest patches outdated applications and operating systems are the target of most attacks use application whitelisting to only allow approved programs to run on your network restrict users permissions to install and run software applications and apply the principle of least privilege to all systems and services employ multi-factor authentication to add an additional layer of security making it harder for the bad actors to log in as if they were you follow safe practices when browsing the internet and never click on links or open attachments in unsolicited emails enable strong spam filters to prevent phishing emails from reaching end users in the first place an authenticated inbound email to prevent email spoofing second major point is review and practice your incident response plan at least annually if you don't have a plan again create one ensure your organization keeps it up to date and tests it so everyone knows roles and responsibilities and the processes that ensure effective incident response lastly pay attention to those global ransomware events and apply the lessons learned from others experiences these attacks as we stated are happening everywhere we just saw two that i had referenced that occurred within the past week sometimes the best defense is learning from others mistakes maintain that situational awareness to stay ahead of uh stay ahead of the enemies this concludes our imr 101 webinar we hope you've enjoyed the webinar and come away with knowledge that helps you better protect yourself and your organization from these sorts of threats so if you want to learn more we encourage you to visit the resources listed here on the slide they include us cert website for ransomware the interagency ransomware response document used to outline the response section of this course and the center for internet security's information on ransomware also not on the slide but certainly notable there's another resource that was just released this week says announced the release of their joint ransomware guide developed in coordination with the msi sac which is the multi-state information sharing and analysis center this ransomware guide is now available on sizz's website uh sysa.gov backslash publication backslash ransomware guide the resource was developed with a target audience of state local tribal and territorial governments and small demand side businesses but it's widely applicable for all scissor partners so that's definitely worth a look thank you for your participation today we really appreciate it there is a certificate of completion available for download as well so with that have a wonderful day and we'll see you next time [Music] [Applause]

Info

Channel: CISA

Views: 5,141

Rating: 4.8974357 out of 5

Keywords:

Id: GdXLp1bEnZE

Channel Id: undefined

Length: 47min 29sec (2849 seconds)

Published: Fri Apr 30 2021