The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company’s information technology (IT) network. At this time, there is no indication that the entity’s operational technology (OT) networks have been directly affected by the ransomware.
CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing robust network segmentation between IT and OT networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.
- National Institute of Standards and Technology (NIST): Framework for Improving Critical Infrastructure Cybersecurity
- NIST: Ransomware Protection and Response
- NIST: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
- NIST: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
- NIST: Data Integrity: Recovering from Ransomware and Other Destructive Events
- NIST: Guide to Industrial Control Systems (ICS) Security
- Software Engineering Institute: Ransomware: Best Practices for Prevention and Response
- NIST Fact Sheet: How Do I Stay Prepared?
Read more at: Cybersecurity & Infrastructure Security Agency