Ransomware is one of the most common and impactful cyber threats affecting U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. It is a form of malware programmed to encrypt or lock files, rendering systems unusable. Cyber threat actors (CTAs) demand a ransom in exchange for the key to decrypt or unlock these files. Oftentimes, they also threaten to post stolen data online if the ransom is not paid, a tactic known as double extortion. Such incidents range from simple automated attacks against one device to more complex operations involving ransomware that moves laterally across entire business networks.
In this guide, we review the current ransomware threat landscape and examine the costs of ransomware. We then explore how to mitigate the threat of ransomware using a defense-in-depth strategy powered by resources that are available through the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISAC) at no or low cost to SLTTs.