CISA Pre-Ransomware Notification Initiative
The US CISA has announced a new Pre-Ransomware Notification Initiative that aims to alert organizations to early-stage ransomware attacks.
The premise behind the initiative is that ransomware actors, after gaining initial access to the target organization, take some time before stealing or encrypting data. The interval between initial access to a network and the encryption of systems can last from hours to days.
Early warning notifications can significantly reduce potential loss of data, impact on operations, financial ramifications, and other detrimental consequences of ransomware deployment.
The CISA Joint Cyber Defense Collaborative (JCDC) collects information about potential early-stage ransomware activity from multiple sources, including the research community, infrastructure providers, and cyber threat intelligence firms.
The agency will also provide notification to organizations outside of the United States through its international CERT partners.
To enable the broader cyber community to benefit from valuable threat intelligence, we urge organizations to report observed activity, including ransomware indicators of compromise and TTPs, to CISA or our federal law enforcement partners, including the FBI and the U.S. Secret Service.
In 2023 alone, CISA notified over 60 entities across the energy, healthcare, water/wastewater, education, and other sectors about potential early-stage ransomware attacks. It was a success because many of the alerted organizations remediated the attack before encryption or exfiltration took place.