• This page, Ransomware Self-Assessment Tool, is   offered by
  • Division of Banks

Ransomware Self-Assessment Tool

Mitigating the Risks of Ransomware

Table of Contents

R-SAT 2.0 for Banks and Credit Unions

The Conference of State Bank Supervisors (CSBS) has released an update to the Ransomware Self-Assessment Tool (R-SAT), Version 2.0 for banks and credit unions.

The R-SAT, which was developed in collaboration with the Bankers Electronic Crimes Task Force, state bank regulators, and the U.S. Secret Service, was originally released in October 2020. It is proven to be a thought-provoking but easy-to-use and repeatable tool to help banks and credit unions periodically assess their own efforts to mitigate risks specifically associated with ransomware and to identify gaps for increasing security. The R-SAT also provides executive management and the board of directors with an overview of the institution’s preparedness towards identifying, protecting, detecting, responding to, and recovering from a ransomware attack.

Version 2.0 reflects updates developed considering evolutions in the ransomware threat environment and threat actor behaviors, as well as changes in bank and credit union control environments that have occurred since its original issuance. Updates to the R-SAT were also based in part on the results of a study conducted by multiple state banking departments of ransomware attacks on state-chartered banks and credit unions between January 1, 2019, and December 31, 2022. Findings from this study are summarized in the report Ransomware: Lessons Learned by Banks That Suffered an Attack.

­­If you have any questions, please contact Director of Cybersecurity, IT, Fintech Holly Chase at Holly.Chase@mass.gov or 617 838 3696.

Date published: January 10, 2024

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.