CISA, FBI & NSA Issue Ransomware Warning Alert

Uploaded on 2021-10-27 in TECHNOLOGY--Resilience, GOVERNMENT-Law Enforcement, FREE TO VIEW

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cyber security advisory regarding increased Conti ransomware attacks. 

The three US federal agencies urge enterprise IT admins to review their organisations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware. This advisory includes technical details on the threat and mitigation steps that public and private sector organisations can take to reduce their risk to this ransomware.

CISA and the FBI have observed over 400 attacks using Conti ransomware against US and international organisations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. The joint cyber security advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organisations protect against the BlackMatter ransomware gang.

BlackMatter ransomware-as-a-service activity started in July with the clear goal of breaching corporate networks belonging to businesses in the US, Canada, Australia, and the UK with a revenue of at least $100 million. Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, however there is variation in its structure that differentiates it from a typical affiliate model. 

It is likely that Conti developers pay the users of the ransomware a wage rather than a percentage of the proceeds from a successful attack.

“Americans are routinely experiencing real-world consequences of the ransomware epidemic as malicious cyber actors continue to target large and small businesses, organizations, and governments,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how they can reduce the risk and strengthen their own capabilities. We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware... The FBI, along with our partners at CISA and NSA, is committed to providing resources in an effort to help public and private sector entities protect their systems against ransomware attacks,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. 

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organisations can take right now to counter the threat,” said Rob Joyce, Director of Cybersecurity at NSA. “NSA works closely with our partners, providing critical intelligence and enabling operations to counter ransomware activities. We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”

Using the MITRE ATT&CK common lexicon of adversary behavior, the advisory highlights observed Conti actors’ techniques used to conduct their exploits, such as spearphishing campaigns, remote monitoring and management software, the “PrintNightmare” vulnerability, and remote desktop software. Also, artifacts from a recently leaked threat actor “playbook” identify Internet Protocol (IP) addresses Conti actors have used for their malicious activity. Organisations should read and implement the recommended mitigations and continue to be vigilant against this ongoing ransomware threat.

If an organisation should become a victim of ransomware, CISA, FBI and NSA strongly discourage paying the ransom. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and does not guarantee that a victim’s files will be recovered. 

As a cyber security community, one of the best ways to prevent future ransomware attacks and hold these criminals accountable is for cyber attack victims to report it.

CISA:       US-CERT:     ITPro:      Bleeping Computer:     Cyberscoop

You Might Also Read: 

GCHQ Boss Says Ransomware Attacks Have Doubled In A Year:

 

« Cambridge University Rejects £400m Over Pegasus Hacking
A Short Guide To Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

Secardeo

Secardeo

Secardeo is a provider of corporate solutions using digital signatures and certificates. Our solutions enable the user transparent end-to-end encryption of e-mails between organizations.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.