

Ransomware Guides and How to Use Them


Ransomware attacks are one of the fastest-growing attack methods globally, and they leave many organizations asking themselves a critical question: have we done enough to secure our institution against a ransomware attack?

Ransomware readiness is crucial in today’s cyber climate. Still, evaluating the processes and controls you have in place to prevent, mitigate, and recover from a ransomware attack can seem like a daunting task. Add the sheer volume of ransomware readiness guidance available, and formulating a plan to assess your institution can make most of us want to turn around and go home.

If you want to assess your institution’s ransomware readiness and aren’t sure where to start, or maybe you’ve reviewed some of these sources already and are confused about which one to put your time into, don’t panic! We will review several references to help get you started.

In October 2020, the Conference of State Bank Supervisors released their Ransomware Self-Assessment Tool (R-SAT). The R-SAT was developed to help financial institutions assess their risk for ransomware and identify any gaps in their ransomware protection program. It was also designed to give executive management and the board of directors an overview of an institution’s preparedness in the event of a ransomware attack.

Then, in December of 2020, SBS CyberSecurity released Top Six Controls to Mitigate a Ransomware Attack. This resource lists specific controls that can be put in place to protect your institution’s network and data from a ransomware attack.

Fast forward to August 2021, when the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet titled “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches.” This fact sheet provides information on preventing and responding to ransomware-caused data breaches.

Let’s dig into each of these resources to see how using them together can help you build a strong ransomware protection program.


Who is the audience for each guide?

Right off the bat, the R-SAT lets you know its audience. From executives to directors, the R-SAT provides valuable insight into an institution’s preparedness. For example, it can be used by an information security officer (ISO) to:

  • Assess readiness
  • Report on programs
  • Identify gaps

Though the R-SAT can be used as a guide for mitigating gaps within protection programs, it’s also essential to look elsewhere for additional guidance on best practices.

The CISA fact sheet provides information on preventing and responding to ransomware-caused data breaches. It is not an assessment or reporting tool but a general guide for building baseline best practices. ISOs and IT managers, or anyone responsible for developing and implementing policies, would benefit from reviewing it.

The SBS CyberSecurity document is another fundamental guidebook, and it is the most technical and granular of the three. It lists specific controls you can implement, along with an Incident Response Playbook describing how to handle ransomware if you are attacked. Your in-house or outsourced network administrator would be responsible for implementing the controls in this guide.


What is in each guide?

The R-SAT addresses areas of ransomware risk using the five functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework: identify, protect, detect, respond, and recover. To assist in the reporting and reviewing process, it has a series of mostly yes-or-no questions, as well as checklists for various controls.


Figure 1: R-SAT question set (screenshot)


The CISA fact sheet is a high-level guide for preventing, detecting, and responding to ransomware attacks. It lists general controls for prevention and detection, best practices for responding, and many links for more detailed guidance.


Figure 2: CISA Ransomware Fact Sheet - Preventing Ransomware Attacks (screenshot)


The SBS CyberSecurity guidance lists specific, granular controls. Rather than providing an overview of the types of controls that should be in place, it gives you detailed items to improve the security of your program and implement your policies.


Figure 3: SBS Ransomware Guidance - Control (screenshot)


That’s all great, but which one do I use?

All of them! To assess and report on your ransomware readiness, start with the R-SAT. It will help you determine:

  • Which controls your institution has implemented
  • What policies and procedures you have in place
  • Any gaps that should be addressed

Once you have identified the gaps, working through the CISA fact sheet is the next step. Because the fact sheet lists general controls and best practices rather than detailed, technical controls, it is a great guide for developing the policies in your program. It also has many links to more in-depth information for building a robust prevention program, which leads us to step three.

After that, take a look at the SBS CyberSecurity guide, which lists specific practices and controls you can implement. These are not general guidelines but real-world practices to help secure your network and protect your institution. This guide will help you implement the policies you developed from the CISA fact sheet.

Building a solid prevention program requires more insight than any one of these guides provides on its own. Used together, however, the three guides discussed here can help you build a robust Ransomware Prevention Program. Use the three as a step-by-step process, and return to the R-SAT periodically to confirm that the gaps you identified have actually been closed:

  • R-SAT – used to assess the program and identify gaps
  • CISA fact sheet – assists in building policies and procedures with additional technical guidance provided by embedded links
  • SBS CyberSecurity guide – provides specific, real-world controls to implement, as well as an Incident Response Playbook


Go forth and protect, my friends! It’s dangerous to go alone, so take this guide to help you along your way.


Written by: Lynda Hartup, Senior Information Security Consultant
SBS CyberSecurity

SBS Resources:

  • {Blog} Indicators of Compromise: If someone was in your network, would you know? If someone was sending your data out the back door of your network, could you tell? To answer these questions, you must first understand your networking environment and what "normal" in that environment looks like. How do you start to figure out what "normal" looks like on your network? Here's a start.
  • {Blog} 7 Steps to Building an Incident Response Playbook: Walk through the seven steps to creating an Incident Response Playbook tailored to your organization. A playbook allows you to document ways to mitigate the most risk regarding the riskiest Incident Response threats to your organization. Identifying relevant threats that could be extremely impactful to your network and creating walkthrough scenarios on how to counteract those threats helps your Business Continuity and Incident Response teams focus on what needs to be addressed first.
  • {Service} Incident Response Planning: An SBS consultant can help ensure your well-structured Incident Response Plan (IRP) will mitigate the negative effects of a security breach and demonstrate to examiners that your organization is properly prepared to handle such an event.
  • Ransomware Toolkit: Advancing your cybersecurity program isn't always a walk in the park. SBS has created this Ransomware Toolkit to help take your cyber program to the next level. 
  • Incident Response Assistance: If your organization needs immediate assistance with an active incident or security breach situation, call 605-923-8722 to speak to our Incident Response Team. 


Posted: Monday, April 25, 2022