“CISA and the FBI are aware of a ransomware attack affecting a critical infrastructure entity — a pipeline company — in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company’s IT network,” the federal agencies said in a May 12 news release.
The FBI and CISA gave 10 tips to prevent disruption from a ransomware attack:
- Require multifactor authentication for remote access to operational technology (OT) and IT networks.
- Enable strong spam filters to prevent phishing emails from reaching users.
- Implement a user training program with simulated attacks for spearphishing.
- Filter network traffic to prohibit communications with known malicious IP addresses. Implement blocklists to prevent users from accessing malicious websites.
- Update software in a timely manner and consider using a centralized patch system. Use a risk-based assessment strategy to determine which OT networks should participate in a patch management program.
- Limit access to devices on networks and restrict Remote Desktop Protocol (RDP). After assessing risks, if RDP is operationally necessary, restrict originating sources and require multifactor authentication.
- Set antivirus and antimalware programs to conduct regular IT scans.
- Disable macro scripts from Microsoft Office files transmitted over email.
- Implement allowlisting, which only allows systems to execute permitted programs.
- Monitor and/or block inbound connections from anonymized IP addresses or ports.