Transcription of Ransomware Risk Management
1 NISTIR 8374 Ransomware Risk Management : A Cybersecurity Framework Profile William C. Barker William Fisher Karen Scarfone Murugiah Souppaya This publication is available free of charge from: NISTIR 8374 Ransomware Risk Management : A Cybersecurity Framework Profile William C. Barker Karen Scarfone Dakota Consulting Scarfone Cybersecurity Silver Spring, MD Clifton, VA William Fisher Murugiah Souppaya Applied Cybersecurity Division Computer Security Division Information Technology Laboratory Information Technology Laboratory This publication is available free of charge from: February 2022 Department of Commerce Gina M.
2 Raimondo, Secretary National Institute of Standards and Technology James K. Olthoff, Performing the Non-Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology National Institute of Standards and Technology Interagency or Internal Report 8374 28 pages (February 2022) This publication is available free of charge from: commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
3 Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications.
4 Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at comments on this publication to: National Institute of Standards and Technology Attn: Applied Cybersecurity Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 2000) Gaithersburg, MD 20899-2000 All comments are subject to release under the Freedom of Information Act (FOIA).
5 NISTIR 8374 Ransomware RISK Management : A CYBERSECURITY FRAMEWORK PROFILE ii This publication is available free of charge from: Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the economy and public welfare by providing technical leadership for the Nation s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology.
6 ITL s responsibilities include the development of Management , administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. Abstract Ransomware is a type of malicious attack where attackers encrypt an organization s data and demand payment to restore access. Attackers may also steal an organization s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version security objectives that support identifying, protecting against, detecting, responding to, and recovering from Ransomware events.
7 The profile can be used as a guide to managing the risk of Ransomware events. That includes helping to gauge an organization s level of readiness to counter Ransomware threats and to deal with the potential consequences of events. Keywords Cybersecurity Framework; detect; identify; protect; Ransomware ; recover; respond; risk; security. Acknowledgments The authors wish to thank all individuals and organizations that contributed to the creation of this document. Patent Disclosure Notice NOTICE: ITL has requested that holders of patent claims whose use may be required for compliance with the guidance or requirements of this publication disclose such patent claims to ITL.
8 However, holders of patents are not obligated to respond to ITL calls for patents, and ITL has not undertaken a patent search in order to identify which, if any, patents may apply to this publication. As of the date of publication and following call(s ) for the identification of patent claims whose use may be required for compliance with the guidance or requirements of this publication, no such patent claims have been identified to ITL. No representation is made or implied by ITL that licenses are not required to avoid patent infringement in the use of this publication.
9 NISTIR 8374 Ransomware RISK Management : A CYBERSECURITY FRAMEWORK PROFILE iii This publication is available free of charge from: Table of Contents 1 Introduction .. 1 The Ransomware Challenge .. 1 Audience .. 3 Additional Guidance Resources .. 4 2 The Ransomware Profile .. 5 References .. 21 Appendix A Additional NIST Ransomware Resources .. 22 NISTIR 8374 Ransomware RISK Management : A CYBERSECURITY FRAMEWORK PROFILE 1 This publication is available free of charge from: 1 Introduction This Ransomware Profile can help organizations and individuals to manage the risk of Ransomware events.
10 That includes helping to gauge an organization s level of readiness to counter Ransomware threats and to deal with the potential consequences of events. The profile can also be used to identify opportunities for improving cybersecurity to help thwart Ransomware . It maps security objectives from the Framework for Improving Critical Infrastructure Cybersecurity, Version [1] (also known as the NIST Cybersecurity Framework) to security capabilities and measures that help to identify, protect against, detect, respond to, and recover from Ransomware events. The Ransomware Challenge Ransomware is a type of malware that encrypts an organization s data and demands payment as a condition of restoring access to that data.