The cyber security researchers at the National Institute of Science and Technology (NIST) along with vendors and companies within the cyber security community teamed up to develop a recovery guide for firms hit with ransomware attacks.
Researchers at NIST along with vendors and companies within the cybersecurity community teamed up to develop a recovery guide for firms hit with ransomware. Researchers stated the goal of the guide is to help organizations recover data from cyber security incidents, support smooth recovery in the event of a compromise, and manage enterprise risks, according to the Data Integrity Recovering from Ransomware and other cyber attacks.
According to researchers "Every organization must be able to quickly recover from a data integrity attack and guarantee that any recovered data is accurate, complete, and free of malware. “Data integrity attacks caused by an unauthorized intrusion, deletion, or alteration of data have compromised corporate information including emails, financial records, employee records, and customer data.”We can just go through the synopsis of the new guideline. The guide divides into three volumes which can apply to an organization based on the role of the user within the organization whether they are business decision makers, technology, and program managers, or IT professionals.The joint organizations used the guidelines on how to restore data to its last known good configuration and how to identify correct backup versions as well as corrupted or altered data, and how to determine to identify who modified said data. The guide also offers advice on how to take the proper approach to dealing ransomware attacks, high-level architecture, examples of implementation, security features analysis and functional evaluations to test data integrity. Information includes how to prepare for the immediate threat and aftermath of destructive malware, malicious insider threats, and even honest mistakes to better protect data within an organization. The report proposes a very comprehensive and useful standard-based guide to developing a recovery strategy for any organization on cyber attack. This report will assist any ICS practitioner structure and maintain recovery plans for advanced cyber resilience, as well as institute best-practice models for ongoing cyber security investment decisions and cross-departmental communication standards. This report illustrates how critical it is for any ICS(Industrial Control Systems) to have the technology and resources needed to support advanced ICS threat detection capabilities, as well as prescriptive responses to them. According to Nozomi Networks, “Obtaining a high degree of situational awareness and threat intelligence is crucial in structuring recovery strategies against a cyber attack in any ICS environment.” “Minimizing damage and recovering from cyber attacks is heavily dependent on an operation's ability to recognize and analyze process anomalies in real-time,” Nozomi added. For further guidance on ransomware recovery, visit NIST guideline's - https://nccoe.nist.gov/publication/1800-11/