Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Final Ransomware Risk Management Cybersecurity Framework Profile & Quick Start Guide Released Today!
February 24, 2022

ransomware graphic


Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This serious cybersecurity challenge is becoming more widespread.

To help address this challenge, NIST is releasing two guides:

The final Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374) incorporates feedback from earlier drafts and is based on the broader Cybersecurity Framework Version 1.1. It can be used as a guide to manage the risk of ransomware events—which includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events.

NIST has also developed a companion quick start guide, Getting Started with Cybersecurity Risk Management: Ransomware, designed for organizations—including those with limited resources to address cybersecurity challenges—to easily understand the advice given in the Profile and to get guidance on what they can begin implementing today. It’s important to recognize that you don’t need to do everything all at once…getting started is the key!

Questions? Email us at  

Related Topics

Security and Privacy: malware

Applications: cybersecurity framework

Created February 23, 2022, Updated March 08, 2022