Ransomware Incident Review January to June 2025

A series of recent ransomware incidents not only highlights just how vulnerable faith-based organizations and charities are to this type of cyberattack, but also demonstrates threat actors' interest in targeting organizations that are often less prepared for a cyber incident and that they perceive may be more willing to pay the ransom. The FB-ISAO Cyber Threat Intelligence (CTI) Working Group tracks and reports on ransomware incidents affecting non-profits and faith-based organizations, including religious organizations. Broadly, the CTI Working Group is tasked with identifying information security / cybersecurity-related threats relevant to the community and the associated risks; helping to inform the FB-ISAO cybersecurity threat level; developing actions members can consider given a specific threat level; and other activities relating to enhancing the awareness, security and resilience of our members and community during both routine operations and incidents relevant to the community.

Our mid-year review (01 January 2025 through 30 June 2025) indicates that attacks are on the rise.

Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data. Are you taking steps to protect yourself and your organization? The members of our Cyber Threat Intelligence (CTI) Working Group are always ready to help answer questions or to provide best practices.

Below are some considerations for building ransomware resilience.

  • Plan. Have a cyber incident response plan (IRP) and know that an IRP is not the same as a ransomware plan. An incident response plan, however, can encompass a ransomware response plan – kind of like every Oreo is a cookie but not every cookie is an Oreo. Review the plan with leadership, your legal resource, your insurance provider, any other relevant parties, and, of course, with your security team!
  • Exercise. (No! Not the kind you do at the gym!) As with building resilience to all hazards, hold discussion-based exercises, including executive workshops and tabletops, conduct drills, and consider other operational exercises. The FB-ISAO can help organizations learn more about the benefits of exercising.
  • Share Information. Information sharing builds resilience across a whole community. Assume that if your facility is a victim, then other similar facilities may be targets. After the initial emergency passes, help others within your community. (That goes for all incidents – not just ransomware.)
  • Enable Multi-factor Authentication (MFA). MFA is a way to verify user identity that is more secure than the classic username-password combination. MFA usually incorporates a password, but it also incorporates one or two additional authentication factors. This is important!
  • Patch! “Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.” – White House Memo

Ransomware will continue to be a threat; however, building resilience is a way to minimize the impact of such incidents on an organization.