Cybersecurity

Federal agency offers guidelines for businesses defending against ransomware attacks

The National Institute of Standards and Technology (NIST) published draft guidelines Monday providing businesses with ways to defend against debilitating ransomware attacks.

The two draft practice guidelines to help firms create strategies to protect data in the event of an cyberattack.

Ransomware attacks, which involve an individual or group locking a network and demanding payment before giving the user access again, saw a spike in 2019, as multiple cities across the country were temporarily crippled by these types of attacks.

“Some organizations have experienced systemic attacks that force operations to cease,” the agency wrote in its guidelines. “One variant of a data integrity attack-ransomware-encrypts data, rendering it unusable. This type of impact to data affects business operations and often leads them to shut down.”

The government of New Orleans fell victim to an attack that prompted a state of emergency being declared. Less than a year earlier, Baltimore suffered a similar attack.

In August, almost two dozen small towns in Texas were targeted by coordinated ransomware attacks, while schools districts across the country were also hit.

Multiple cybersecurity firms, including Symantec and Cisco, have signed on to help NIST. The draft guidelines are open for public comment through Feb. 26.

NIST, which is part of the Commerce Department, is not the first federal agency to take action to defend businesses and government entities against ransomware attacks. 

The FBI issued an alert in October warning businesses of the dangers of “high-impact” ransomware attacks, while the Department of Homeland Security’s (DHS) cyber agency issued a separate alert about the rise in ransomware attacks in August, describing it as “the most visible cybersecurity risk playing out across our nation’s networks.”

On Capitol Hill, multiple bills from members on both sides of the aisle have been introduced, and DHS recently briefed members of the Senate Cybersecurity Caucus on the threats posed by these types of cyberattacks.