CISA, FBI & NSA Issue Ransomware Warning Alert

Uploaded on 2021-10-27 in TECHNOLOGY--Resilience, GOVERNMENT-Law Enforcement, FREE TO VIEW

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cyber security advisory regarding increased Conti ransomware attacks. 

The three US federal agencies urge enterprise IT admins to review their organisations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware. This advisory includes technical details on the threat and mitigation steps that public and private sector organisations can take to reduce their risk to this ransomware.

CISA and the FBI have observed over 400 attacks using Conti ransomware against US and international organisations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. The joint cyber security advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organisations protect against the BlackMatter ransomware gang.

BlackMatter ransomware-as-a-service activity started in July with the clear goal of breaching corporate networks belonging to businesses in the US, Canada, Australia, and the UK with a revenue of at least $100 million. Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, however there is variation in its structure that differentiates it from a typical affiliate model. 

It is likely that Conti developers pay the users of the ransomware a wage rather than a percentage of the proceeds from a successful attack.

“Americans are routinely experiencing real-world consequences of the ransomware epidemic as malicious cyber actors continue to target large and small businesses, organizations, and governments,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how they can reduce the risk and strengthen their own capabilities. We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware... The FBI, along with our partners at CISA and NSA, is committed to providing resources in an effort to help public and private sector entities protect their systems against ransomware attacks,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. 

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organisations can take right now to counter the threat,” said Rob Joyce, Director of Cybersecurity at NSA. “NSA works closely with our partners, providing critical intelligence and enabling operations to counter ransomware activities. We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”

Using the MITRE ATT&CK common lexicon of adversary behavior, the advisory highlights observed Conti actors’ techniques used to conduct their exploits, such as spearphishing campaigns, remote monitoring and management software, the “PrintNightmare” vulnerability, and remote desktop software. Also, artifacts from a recently leaked threat actor “playbook” identify Internet Protocol (IP) addresses Conti actors have used for their malicious activity. Organisations should read and implement the recommended mitigations and continue to be vigilant against this ongoing ransomware threat.

If an organisation should become a victim of ransomware, CISA, FBI and NSA strongly discourage paying the ransom. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and does not guarantee that a victim’s files will be recovered. 

As a cyber security community, one of the best ways to prevent future ransomware attacks and hold these criminals accountable is for cyber attack victims to report it.

CISA:       US-CERT:     ITPro:      Bleeping Computer:     Cyberscoop

You Might Also Read: 

GCHQ Boss Says Ransomware Attacks Have Doubled In A Year:

 

« Cambridge University Rejects £400m Over Pegasus Hacking
A Short Guide To Ransomware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Adaptiva

Adaptiva

Adaptiva, the autonomous endpoint management company, delivers the fastest way to patch and manage endpoints at scale.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.

Uninets

Uninets

UniNets mission is to provide IT professionals with high-quality, accessible, and relevant e-learning courses that enable them to stay ahead of the curve in their industry.