An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | May 23, 2023

#StopRansomware Guide Released by NSA and Partners

FORT MEADE, Md. - To guide network defenders in protecting against the rapidly evolving ransomware tactics of malicious cyber actors, the National Security Agency (NSA) and several partners are publicly releasing the “#StopRansomware Guide” Cybersecurity Information Sheet (CSI) today.
“Ransomware tactics have become more destructive and impactful,” Rob Joyce, NSA Director of Cybersecurity. “Malicious cyber actors are not only encrypting files and asking for ransom, they are also exfiltrating data and threatening victims to release it as a form of extortion. Most importantly, the speed of compromise and impact have increased dramatically, requiring even more effort on the part of defenders.”
Originally released in 2020 by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC), the guidance was updated to include additional best practices and recommendations based on operational insight from CISA, MS-ISAC, NSA, and the Federal Bureau of Investigation (FBI).
Additional guidance includes recommendations for preventing common initial infection vectors, cloud backups, and Zero Trust Architecture (ZTA). These recommended practices align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CSI also expands the ransomware response checklist to include threat hunting tips for detection and analysis.
This report is part of the #StopRansomware effort initiated by CISA. Relatedly, in February 2023, NSA and several partners teamed up with the South Korean government to highlight malicious cyber actors’ use of ransomware to target critical infrastructure.
“These attacks will only continue evolving into more frequent and more sophisticated ransomware attacks,” Rob Joyce, NSA Director of Cybersecurity. “We need to effectively counter this growing threat.”
In the CSI, the agencies advise that organizations implement best practices to better prepare and protect their facilities, personnel, and customers from cybersecurity threats. Additionally, the CSI includes no-cost resources offered by CISA and MS-ISAC to help counter ransomware threats.
Read the full report here.
Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations