Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management William C. Barker Karen Scarfone William Fisher Murugiah Souppaya This is Preliminary Draft publication. For additional details, see the Note to Reviewers on page ii. Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management William C . Barker Dakota Consulting Silver Spring, MD Karen Scarfone Scarfone Cybersecurity Clifton, VA William Fisher Applied Cybersecurity Division Information Technology Laboratory Murugiah Souppaya Computer Security Division Information Technology Laboratory June 2021 U.S. Department of Commerce Gina M. Raimondo, Secretary National Institute of Standards and Technology James K. Olthoff , Performing the Non -Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology 1 National Institute of Standards and Technology Interagency or Internal Report 8374 2 22 pages ( June 2021) 3 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 4 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 5 endorsement by NIST, nor is it inte nded to imply that the entities, materials, or equipment are necessarily the best 6 available for the purpose. 7 There may be references in this publication to other publications currently under development by NIST in accordance 8 with its assigned statutory re sponsibilities. The information in this publication, including concepts and methodologies, 9 may be used by federal agencies even before the completion of such companion publications. Thus, until each 10 publication is completed, current requirements, guideline s, and procedures, where they exist, remain operative. For 11 planning and transition purposes, federal agencies may wish to closely follow the development of these new 12 publications by NIST. 13 Organizations are encouraged to review all draft publications during public comment periods and provide feedback to 14 NIST. Many NIST cybersecurity publications , ot her than the ones noted above, are available at 15 https://csrc.nist.gov/publications . 16 Public comment period: June 9, 2021 through July 9, 2021 17 National Institute of Standards and Technology 18 Attn: Applied Cybersecurity Division, Information Technology Laboratory 19 100 Bureau Drive (Mail Stop 2000) Gaithersburg, MD 20899 -2000 20 Email: ransomware@ nist.gov 21 All comments are subject to release under the Freedom of Information Act (FOIA). 22 NISTIR 8374 (PRELIMINARY DRAFT) CYBERSECURITY FRAMEWORK PROFILE FOR RANSOMWARE RISK MANAGEMENT ii Reports on Computer Systems Technology 23 The Information Technology Laboratory (ITL) at the National Institute of Standards and 24 Technology (NIST) promotes the U.S. economy and public welfare by providing technical 25 leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test 26 methods, reference data, proof of concept implementations, and technical analyses to advance 27 the development and productive use of information technology. ITL’s res ponsibilities include the 28 development of management, administrative, technical, and physical standards and guidelines for 29 the cost -effective security and privacy of other than national s ecurity -related information in 30 federal informa tion systems. 31 Abstract 32 Ransomware is a type of malicious attack where attackers encrypt an organization’s data and 33 demand payment to restore access. In some instances, attackers may also steal an organization’s 34 information and demand an additional payment in return for not discl osing the information to 35 authorities, competitors, or the public. This