The Cybersecurity and Infrastructure Security Agency (CISO) has launched a new public awareness campaign – the Reduce the Risk of Ransomware Campaign – aimed at protecting organizations from ransomware attacks. The campaign is promoting the agency’s documents and other resources, especially those which counter attacks against school systems and organizations involved in the response to COVID-19. Ransomware attacks in 2020 have delayed school openings, caused online classes to be cancelled, and have interfered with hospital treatments.
“Cybercriminals know state and local governments are vulnerable, and they’re taking advantage of those vulnerabilities,” Brandon Wales, CISA’s acting director, said in a recent speech.
The campaign has a new page on the agency’s website with information regarding ransomware. It includes a guidebook written with the Multi-State Information Sharing and Analysis Center (MS-ISAC), and Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak. Information on how governments can use CISA’s technical services – including the Malicious Domain Blocking and Reporting service – and its scanning and monitoring capabilities, are also included.
Wales recommends state and local governments migrate their web presences to the federally administered .gov top-level domain which is run by CISA. The .gov domain includes a variety of security features that commercially available web addresses often lack – including active vulnerability monitoring and two-factor authentication for all users. Sites on .gov are also capable of being “preloaded” in web browsers using HTTPS – a protocol that runs over an encrypted connection – rather than the unsecured HTTP protocol. The federal government also runs a round-the-clock emergency help desk for .gov operators. A .gov domain name costs $400 per year.