Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. AGA has identified a number of tools, resources, and guidance documents that may be helpful as operators protect themselves against these threats.

United States Computer Emergency Readiness Team (US-CERT) Security Publication on Ransomware
Provides guidance on best practices for cyber hygiene, patching, and combating phishing attacks.

US-CERT Ransomware Executive One Pager
Technical recommendations for protecting networks and responding when an attack has occurred.

Software Engineering Institute (SEI) Ransomware Blog
Detailed analysis of ransomware and best practices for protecting networks.

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) White Paper on Destructive Malware
This white paper highlights a number of the destructive malware families analyzed by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and gives recommendations for victims on the best way to combat each specific family.

Center for Internet Security (CIS) Ransomware Facts
Information on ransomware infection vectors, capabilities, and recommended mitigations.

Federal Bureau of Investigation Ransomware
Provides tips for dealing with and preventing ransomware threats.

Federal Bureau of Investigation Cyber Division
Tips for prevention, business continuity, and remediation.

Office of Cyber and Infrastructure Analysis (OCIA) Ransomware Analysis
Analysis of malicous actor goals and vulnerabilities.

The No More Ransomware Project
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals. Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The website also provides prevention advice and decryption tools.

New Jersey Cybersecurity & Communications Integration Cell (NJCCIC)
Provides a list of known ransomware, as well as mitigation strategies and advice for reporting.

Electricity Subsector Coordinating Council (ESCC) Ransomware Preparedness Whitepaper
Ransomware Preparedness – the ESCC, in collaboration with the American Gas Association, Downstream Natural Gas ISAC, and Electricity ISAC, developed a “Ransomware Preparedness” document for energy companies to consider in order to reduce the risk and associated impact of ransomware.