
NIST develops guidelines for dealing with ransomware recovery


The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) along with vendors and businesses within the cybersecurity community teamed up to develop a recovery guide for firms hit with ransomware attacks.

Researchers said the goal of the guide is to help organizations recover data from cybersecurity events, facilitate smooth recovery in the event of a compromise, and manage enterprise risks, according to the report, "Data Integrity: Recovering from Ransomware and Other Destructive Events."

“Organizations must be able to quickly recover from a data integrity attack and trust that any recovered data is accurate, complete, and free of malware,” researchers said in the guide. “Data integrity attacks caused by unauthorized insertion, deletion, or modification of data have compromised corporate information including emails, employee records, financial records, and customer data.”

The guide is broken into three volumes and can be used in various ways depending on the user's role within their organization, whether they are business decision makers, technology and program managers, or IT professionals.

The joint organizations used the guide to provide tips on how to restore data to its last known good configuration, how to identify correct backup versions as well as poisoned or altered data, and how to identify who altered said data.

The guide also offers advice on how to take the proper approach to dealing with ransomware attacks, along with a high-level architecture, implementation examples, a security characteristics analysis, and functional evaluations to test data integrity.

Information is also provided on how to prepare for the immediate threat and aftermath of destructive malware, malicious insider threats, and even honest mistakes to better protect data within an organization.

The report offers a very detailed and useful standard-based guide to developing cyberattack recovery strategies for any organization, Nozomi Networks Chief Executive Officer (CEO) Edgard Capdevielle told SC Media.

He added that using this report will help any ICS practitioner structure and maintain recovery plans for improved cyber resilience, as well as establish best-practice models for ongoing cybersecurity investment decisions and cross-departmental communication models.

“Minimizing damage and recovering from cyberattacks is heavily dependent on an operation's ability to recognize and analyze process anomalies in real-time,” Nozomi said. “Obtaining a high degree of situational awareness and threat intelligence is key in structuring recovery strategies against a cyberattack in any ICS environment.”

Nozomi added that the report illustrates how important it is for any ICS to have the technology and resources required to support advanced ICS threat detection capabilities, as well as prescriptive responses to them.
