Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects the changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0, which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until March 14, 2025. Please send your feedback about this initial public draft, and about what content would be most valuable in future NIST ransomware guidance, to ransomware@nist.gov. Once finalized, NISTIR 8374 Revision 1 will replace NISTIR 8374, Ransomware Risk Management: A Cybersecurity Framework Profile.
NIST has also previously published the Quick Start Guide: Getting Started with Cybersecurity Risk Management | Ransomware.
Our resources on tips and tactics for preparing your organization for ransomware attacks are here!
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access.
Here’s an example of how a ransomware attack can occur:
Ransomware disrupts or halts an organization’s operations and poses a dilemma for management: does the organization pay the ransom and hope that the attackers keep their word about restoring access, or does the organization not pay the ransom and restore operations themselves?
Fortunately, organizations can take steps to prepare for ransomware attacks. This includes protecting data and devices from ransomware and being ready to respond to any ransomware attacks that succeed.
Here are NIST resources that can help you with ransomware protection and response.