CISA tool assesses defense against ransomware

Sheila Zabeu - July 15, 2021

A new tool announced by the US Cybersecurity and Infrastructure Security Agency (CISA) promises to help assess organizations’ ability and preparedness to defend against and recover from ransomware attacks.

The Ransomware Readiness Assessment (RRA) covers two environments: enterprise IT assets and industrial control systems (ICS). According to CISA, the tool guides those responsible for either environment through a step-by-step self-assessment of the cybersecurity practices in place on their networks.

CISA points out that it has tailored the RRA so that it is useful to all types of organizations, regardless of their cybersecurity maturity: it can be used both by small businesses with no dedicated security team and by large companies with well-established cybersecurity departments.

A dashboard with graphs and tables presents the results of the resilience assessment against ransomware attacks in summary and detailed form.

The new tool is available as a separate module of the Cyber Security Evaluation Tool (CSET), CISA's free downloadable assessment application, which has gained functionality incrementally to help organizations make a comprehensive assessment of their cybersecurity posture against government- and industry-recognized standards and recommendations in the United States.

CISA launched the Ransomware Readiness Assessment (RRA) module in response to the spate of cyber attacks that the US private sector and government agencies have suffered recently. In May, President Joe Biden signed an executive order (EO 14028, "Improving the Nation's Cybersecurity") establishing actions to strengthen the nation's defenses against increasingly sophisticated cyber campaigns; these are to be implemented by various federal agencies, including CISA.

Ransomware attacks have earned criminals at least $45.5 million in the first half of 2021 alone, according to Ransomwhere, a crowdsourced payment tracker that only counts payments reported to it, so the real total is higher. The figure could rise dramatically if the REvil group collects the $70 million it demanded for a universal decryptor after the massive supply-chain attack earlier this month that hit some 200 US companies.

Total ransomware payments tracked in 2021 – Source: Ransomwhere

Ransomwhere is an open, crowdsourced ransomware payment tracker launched last week by Jack Cable, a security researcher who helped the US Cybersecurity and Infrastructure Security Agency (CISA) secure election systems ahead of the 2020 presidential election.

Most companies (80%) that pay cybercriminals to regain access to their encrypted systems are hit by another attack afterwards. Almost half of those who pay report that some or all of the data they got back was corrupted. Instead of budgeting for ransoms, companies need to tackle this growing problem by detecting and stopping ransomware before data is encrypted or exfiltrated.

As breaches and attacks increase, senior management across all industries is investigating where its vulnerabilities come from, including monitoring the third parties and supply-chain participants their businesses depend on. Chief information officers and chief information security officers must now protect their own IT environments while also being accountable for the security of the third-party components within them.