CISA Wants You To Report Anything You Know About Ransomware Activity

The U.S. Cybersecurity and Infrastructure Security Agency’s new initiative is designed to help organizations stop ransomware attacks early.

CISA Wants You To Report Anything You Know About Ransomware Activity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is launching its Pre-Ransomware Notification Initiative designed to help organizations thwart ransomware attacks in the early stages of incidents as ransomware actors dwell in a victim’s environment before deploying the ransomware.

According to CISA, that window of time–which can last from hours to days–gives the agency enough time to warn organizations that ransomware actors have gained initial access to their networks. Such a warning could help victims kick the threat actors out of their environment before they have a chance to encrypt data and hold it hostage for a ransom payment.

The agency says the effort relies on the Joint Cyber Defense Collaborative (JCDC)–a public-private partnership leveraging the global cyber community to help defend networks– and tips from the cybersecurity research community, infrastructure providers and threat intelligence companies about potential early-stage ransomware activity.

Once the agency is notified, field personnel across the country work to notify the victim and provide specific mitigation guidance. Where a tip relates to a company outside of the U.S., CISA works with its international counterparts to notify organizations.

According to CISA, the agency has already notified over 60 entities in energy, healthcare, water/wastewater/education and other sectors about potential pre-ransomware intrusions, and many of them have confirmed the intrusion and mitigated the attack before encryption of exfiltration of data occurred.

In cases where threat actors have already encrypted data, the JCDC will help the victim organization recover and reduce the impact of an attack. These actions include providing information to help identify the data that may have been exfiltrated from a victim’s network and, as well as details of the intrusion to support investigate and remediation efforts, the agency says.

This activity will also help agencies create cybersecurity advisories on ransomware actors and variants to enable network defense at scale as part of CISA”s ongoing campaign against ransomware.

However, to make this initiative work, organizations must report observed activity, including ransomware indicators of compromise and tactics, techniques and procedures (TTPs) to CISA, the FBI and U.S. Secret Service.

Any organization or individual with information about early-stage ransomware activity is urged to contact CISA at

This article originally appeared in CS sister publication Zachary Comeau is TD’s editor in chief.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Conference promo