
New Ransomware Guide Issued – Ransomware is Still on the Rise!

On a global scale, ransomware attacks are still on the rise and will continue to be a threat. The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Ransomware Guide as a one-stop resource for proactive protection steps and best practices for responding to an incident. The guide is helpful for identifying the role of leadership and internal controls that should be considered to prevent incidents. The guide also has a checklist that can be used to review the Department’s Incident Response, Business Continuity and Disaster Recovery Plans and test these plans to ensure the best response to quickly mitigate a ransomware incident.


This guide will help Departments as they update their Internal Controls and verify that mission and daily operational Internal Controls include cybersecurity, including the Commonwealth default Enterprise Security Policies and Standards, and, most importantly, that these security standards are being implemented across the Department. While the guide is written primarily for IT professionals, every level of a Department can benefit from reviewing it to see the scope of impact from a ransomware event. Continuous staff reminders to remain cautious and vigilant about email attachments and links remain a top protection against ransomware infections.


As part of internal controls, Departments must contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber-attacks, to ensure that CTR can act to protect Enterprise Systems or assist with mitigation strategies and continued operations. Visit the CTR Cyber Center for additional resources and links for Cybersecurity Tips and Alerts.

OFFICE OF THE COMPTROLLER OF THE COMMONWEALTH

William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108

comptroller.info@mass.gov

For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at

(617) 727-5000
