Ransomware attacks pose an increasing threat to critical infrastructure (CI) sectors. A stark reminder came when Colonial Pipeline paid a $4.4 million ransom after cybercriminals infiltrated its IT network with DarkSide ransomware. Would you have done the same?
The attack disrupted fuel distribution across the southeastern United States and ignited a nationwide conversation around cyber risk. As ransomware variants grow more sophisticated and persistent, organizations that manage critical infrastructure must take proactive steps to identify and reduce vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have outlined best practices designed to strengthen cyber resilience and minimize the risk of operational disruption.
Why Critical Infrastructure Is a Prime Target
Critical infrastructure—energy, water, transportation, healthcare, and other vital systems—faces unique cybersecurity challenges. These systems often rely on a mix of legacy technologies in need of modernization, operational technology (OT), and modern IT infrastructure, making them susceptible to targeted attacks.
To reduce critical infrastructure vulnerabilities, it’s essential to focus on both prevention and response.
Key Recommendations to Reduce Ransomware Risk
CISA and the FBI strongly encourage CI operators to implement the following cybersecurity measures:
1. Strengthen Authentication and Access Controls
- Enforce multi-factor authentication (MFA) for all remote access to both OT and IT networks.
2. Prevent Phishing and Malware Infiltration
- Use advanced spam filters to block phishing emails and filter out executable attachments.
3. Implement User Training Programs
- Consider running simulated spearphishing campaigns to train users not to visit malicious websites or open malicious attachments.
4. Filter and Monitor Network Traffic
- Block communications with known malicious IPs and URLs.
5. Update Software
- Patch operating systems, applications, and firmware promptly, using a centralized patch management system and prioritizing patches based on risk.
6. Limit Use of Remote Desktop Protocol (RDP)
- Restrict or eliminate RDP unless absolutely necessary, and secure it with MFA.
7. Scan With Antivirus/Antimalware Programs
- Monitor and scan IT network assets regularly using up-to-date signatures. For OT network assets, use a risk-based asset inventory strategy to determine how they are identified and evaluated for the presence of malware.
Best Practices for Backup and Recovery
CISA and FBI urge CI owners and operators to apply the following mitigations to reduce the risk of severe business or functional degradation should their CI entity fall victim to a ransomware attack in the future.
Implementing secure and resilient data backup strategies is critical for recovering from ransomware attacks:
- Perform frequent, tested backups of both IT and OT systems.
- Keep backups offline and physically isolated from the primary network.
- Maintain “gold images” of critical systems for quick restoration.
- Store source code and executables separately in case of system rebuilds.
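A "tested" backup is one you can prove is intact before you restore from it. The script below is an added example (not from the advisory or from AISN): it records a SHA-256 manifest of a backup set at backup time and, before restoration, reports files that were modified, removed, or added since, which is what ransomware that reaches a backup share typically leaves behind. The file names and contents are constructed; the manifest itself must be stored with the offline copy, not alongside the live data, or it can be rewritten together with the files it protects.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (relative POSIX path) under root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against the manifest taken at backup time."""
    current = build_manifest(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, digest in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name] != digest:
            report["modified"].append(name)
    report["unexpected"] = [n for n in current if n not in manifest]
    return report


def demo() -> dict:
    """Constructed scenario: snapshot a small backup set, then alter it before restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config").mkdir()
        (root / "config" / "plc.cfg").write_text("setpoint=42\n")  # constructed
        (root / "gold-image.img").write_bytes(b"\x00" * 4096)       # constructed
        manifest = build_manifest(root)  # this is what goes offline with the backup
        # Simulated damage: one file overwritten with random bytes, one file dropped in
        (root / "config" / "plc.cfg").write_bytes(os.urandom(64))
        (root / "README_RESTORE.txt").write_text("unexpected file\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the report means the set is not safe to restore as-is; the gold image with an unchanged digest is the only file that should be trusted.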
Immediate Response to a Ransomware Attack
If your organization is impacted by a ransomware incident, CISA and FBI recommend taking the following actions immediately:
- Isolate the infected system from all networks.
- Power off and disconnect nearby systems to prevent further spread. (See Before You Connect a New Computer to the Internet for more tips.)
- Secure and scan backups to ensure they are malware-free.
- Report the incident to your local FBI field office. (Refer to the Joint Cybersecurity Advisory for more best practices.)
CISA and the FBI do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. CISA and FBI urge you to report ransomware incidents to your local FBI field office.
Reduce Your Exposure With CISA’s Free Services
CISA offers no-cost cyber hygiene services to help CI organizations identify and mitigate security gaps, including ransomware vulnerabilities. These services are suitable for organizations of all sizes and sectors.
Additional Resources
For more information on critical infrastructure cybersecurity and ransomware protection, explore the following:
Reduce the Risks and Improve Your Cybersecurity
The Colonial Pipeline attack showed how one ransomware event can trigger national-level disruptions. Reducing critical infrastructure vulnerabilities requires a layered security approach, coordinated response planning, and consistent cybersecurity hygiene.
With our experts at AISN, you can protect your operations from ransomware before it’s too late. Contact us today to assess your needs and develop a plan to reduce critical infrastructure vulnerabilities to strengthen your security posture.
