I tried using the official government ransomware countermeasure tool that 'all organizations should do'



Companies that are deeply involved in daily life, such as Colonial Pipeline, the largest oil pipeline operator in the United States, and JBS, the world's largest meat company, are frequently targeted by ransomware attacks. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security released the Ransomware Readiness Assessment (RRA), a ransomware countermeasure tool, on June 30, 2021, so I actually tried using it.

CISA's CSET Tool Sets Sights on Ransomware Threat | CISA
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/cisas-cset-tool-sets-sights-ransomware-threat

Release Ransomware Readiness Assessment CSET v10.3 · cisagov/cset · GitHub
https://github.com/cisagov/cset/releases/tag/v10.3.0.0




Released on June 30, 2021 local time, RRA is a tool that evaluates the status of countermeasures against ransomware attacks. It is part of CISA's 'Cyber Security Evaluation Tool (CSET)' and is open to the public. According to CISA, RRA is designed to be useful for all organizations, regardless of the maturity of their security measures. CISA also said, 'We strongly recommend that all organizations undergo an RRA ransomware countermeasure evaluation,' emphasizing the importance of strengthening countermeasures against ransomware attacks.

To actually use RRA, go to the official distribution page of CSET and click 'Download CSETStandAlone.exe' to download the installer.



Then double-click the downloaded CSET installer to launch it.



You will be asked if you want to install CSET on your desktop, so click 'Yes'.



Check 'I accept the license terms' and click 'Install'.



Installation of CSET may require the installation of other software. This time, the 'SQL Server' installation dialog was displayed, so click 'Next'.



Check 'I accept the license terms' and click 'Next'.



Then click 'Install'.



Click Finish when the SQL Server installation is complete.



Next, you will be asked to install 'Microsoft Internet Information Services (IIS)', so check 'I accept the license terms' and click 'Install'.



Click Finish when the IIS installation is complete.



Finally, the CSET installation dialog opens, so click 'Next'.



After reading the disclaimer and checking it, click 'Next'.



Then, the installation destination selection screen is displayed. This time, I just clicked 'Next'.



Then click Install.



When the installation is complete, click 'Finish' ...



Click Close to finish the setup.



After the installation is complete, search for and run CSET from the Start menu to run RRA and perform a ransomware countermeasure evaluation.



When you execute CSET, the CSET management screen will open in your browser. Click 'Start New Assessment' to create an assessment.



When the assessment creation screen is displayed, enter the name, date, facility name, and city for the assessment to be created, select 'Maturity Model', which includes RRA, from the Assessment Option, and click 'Next'.



Then enter the name and type of your organization, the value of the assets you want to protect, and click Next.



Then, the model that can be evaluated is displayed, so ...



Select 'Ransomware Readiness Assessment' for the ransomware countermeasure status assessment model and click 'Next'.



When the tutorial is displayed, scroll down and read on ...



Click Next at the bottom of the screen.



Then, the measures necessary for ransomware countermeasures such as 'data backup', 'web browser management and DNS filtering', and 'phishing prevention and recognition' are displayed in a row by category.



There are multiple question items in each category, so select either 'Yes' or 'No' for each. For example, the 'Data Backup' category was lined with questions such as 'Are you ready to back up your important data and restore it for at least 30 days?' and 'Is your data backup tested annually?'



After answering all the questions, click Next.



Then, the ransomware countermeasure achievement rate for each category is displayed as a bar graph. In the environment where RRA was run this time, 100% of the measures were in place in the 'Data backup' and 'Web browser management and DNS filtering' categories, but it was found that only 50% of the measures were in place in the four categories of 'Network monitoring', 'Patch and update management', 'Application integrity check and permission list creation', and 'Risk management'.



If you select 'Performance Summary' from the menu on the left side of the screen, you can also check the achievement rate of ransomware countermeasures by importance like this.



Furthermore, if you click 'Reports' from the menu on the left and then click 'RRA Report' ...



You can output a detailed report that summarizes the ransomware countermeasure status.



RRA is just a tool to evaluate the status of ransomware countermeasures, and it does not mean that 'installing RRA will prevent you from being attacked by ransomware.' However, by using RRA, we can confirm many measures necessary for ransomware countermeasures, so I felt that it was a useful tool for checking the ransomware countermeasure status of the organization and connecting it to future countermeasures.

in Review, Software, Security, Posted by log1o_hf