The National Institute of Standards and Technology (NIST) has published draft guidelines providing businesses with ways to defend against debilitating ransomware attacks.
The two draft practice guidelines to help firms create strategies to protect data in the event of an cyberattack.
Ransomware attacks, which involve an individual or group locking a network and demanding payment before giving the user access again, saw a spike in 2019, as multiple cities across the country were temporarily crippled by these types of attacks.
“Some organizations have experienced systemic attacks that force operations to cease,” the agency wrote in its guidelines. “One variant of a data integrity attack-ransomware-encrypts data, rendering it unusable. This type of impact to data affects business operations and often leads them to shut down.”
Multiple cybersecurity firms, including Symantec and Cisco, have signed on to help NIST. The draft guidelines are open for public comment through Feb. 26.
NIST, which is part of the Commerce Department, is not the first federal agency to take action to defend businesses and government entities against ransomware attacks.
The FBI issued an alert in October warning businesses of the dangers of “high-impact” ransomware attacks, while the Department of Homeland Security’s (DHS) cyber agency issued a separate alert about the rise in ransomware attacks in August, describing it as “the most visible cybersecurity risk playing out across our nation’s networks.”
Download the draft practice guidelines here.