The US Cybersecurity and Infrastructure Security Agency is launching a campaign to raise awareness of the ways organizations can defend themselves against ransomware attacks.

“Ransomware is increasingly threatening both public and private networks, causing data loss, privacy concerns, and costing billions of dollars a year,” CISA stated. “These incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.”

CISA’s Acting Director Brandon Wales noted that any type of organization can be targeted by these attacks.

“CISA is committed to working with organizations at all levels to protect their networks from the threat of ransomware,” Wales said. “This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats. Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”

The agency says the campaign will have an emphasis on healthcare and educational institutions.

“In this campaign, which will have a particular focus on supporting COVID-19 response organizations and K-12 educational institutions, CISA is working to raise awareness about the importance of combating ransomware as part of an organization’s cybersecurity and data protection best practices,” the agency said. “Over the next several months, CISA will use its social media platforms to iterate key behaviors or actions with resource links that can help technical and non-technical partners combat ransomware attacks.”

The vast majority of ransomware attacks begin when an attacker gains a foothold via a phishing attack or an exposed RDP port. New-school security awareness training can give your organization an essential layer of defense by enabling your employees to recognize social engineering tactics and follow security best practices.