CISA, FBI & NSA Issue Ransomware Warning Alert

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cyber security advisory regarding increased Conti ransomware attacks. 

The three US federal agencies urge enterprise IT admins to review their organisations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware. This advisory includes technical details on the threat and mitigation steps that public and private sector organisations can take to reduce their risk to this ransomware.

CISA and the FBI have observed over 400 attacks using Conti ransomware against US and international organisations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. The joint cyber security advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organisations protect against the BlackMatter ransomware gang.

BlackMatter ransomware-as-a-service activity started in July with the clear goal of breaching corporate networks belonging to businesses in the US, Canada, Australia, and the UK with a revenue of at least $100 million. Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, however there is variation in its structure that differentiates it from a typical affiliate model. 

It is likely that Conti developers pay the users of the ransomware a wage rather than a percentage of the proceeds from a successful attack.

“Americans are routinely experiencing real-world consequences of the ransomware epidemic as malicious cyber actors continue to target large and small businesses, organizations, and governments,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how they can reduce the risk and strengthen their own capabilities. We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware... The FBI, along with our partners at CISA and NSA, is committed to providing resources in an effort to help public and private sector entities protect their systems against ransomware attacks,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. 

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organisations can take right now to counter the threat,” said Rob Joyce, Director of Cybersecurity at NSA. “NSA works closely with our partners, providing critical intelligence and enabling operations to counter ransomware activities. We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”

Using the MITRE ATT&CK common lexicon of adversary behavior, the advisory highlights observed Conti actors’ techniques used to conduct their exploits, such as spearphishing campaigns, remote monitoring and management software, the “PrintNightmare” vulnerability, and remote desktop software. Also, artifacts from a recently leaked threat actor “playbook” identify Internet Protocol (IP) addresses Conti actors have used for their malicious activity. Organisations should read and implement the recommended mitigations and continue to be vigilant against this ongoing ransomware threat.

If an organisation should become a victim of ransomware, CISA, FBI and NSA strongly discourage paying the ransom. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and does not guarantee that a victim’s files will be recovered. 

As a cyber security community, one of the best ways to prevent future ransomware attacks and hold these criminals accountable is for cyber attack victims to report it.

CISA:       US-CERT:     ITPro:      Bleeping Computer:     Cyberscoop

You Might Also Read: 

GCHQ Boss Says Ransomware Attacks Have Doubled In A Year:

 

« Cambridge University Rejects £400m Over Pegasus Hacking
A Short Guide To Ransomware »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

InferSight

InferSight

InferSight can help you design an architecture that takes into account security, performance, availability, functionality, resiliency and future capacity to avoid technological lock in and limitations

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.