FBI & CISA Advice On Ransomware Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly damaging ransomware attacks occurring on holidays and weekends, when offices are normally closed. 

They are encouraging all entities to examine their current cyber security posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

The FBI has also issued a separate notification warning companies in the food and agriculture sector that they are at high risk of ransomware. The notification notes that the sector is critical infrastructure, and that a successful ransomware attack on it could disrupt the food supply chain.

Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. 
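The RDP brute-forcing vector above is one of the easiest to spot in telemetry, because every guess leaves a Windows Security event. The detector below is an added example, not code from the FBI/CISA alert: it walks a batch of failed-logon records (Event ID 4625 with LogonType 10, the RemoteInteractive type used by RDP), flags any source address that produces a burst of failures inside a short window, and then records whether a successful RemoteInteractive logon (Event ID 4624) followed from the same address, which is the moment a password guess worked. The record shape (`time`, `event_id`, `logon_type`, `user`, `src_ip`) is a simplified assumption standing in for whatever your SIEM or Windows event forwarding emits, and the sample records are constructed for this example.

```python
"""Burst detector for RDP password guessing (added example, not from the alert).

Windows Security event IDs used here are real: 4625 = "An account failed to log on",
4624 = "An account was successfully logged on", LogonType 10 = RemoteInteractive (RDP).
The flat record layout and the sample records below are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
REMOTE_INTERACTIVE = 10

# Constructed sample telemetry: one guessing burst that ends in a success,
# one user who mistypes a password twice, and one non-RDP failure to ignore.
SAMPLE_EVENTS = [
    {"time": "2021-09-04T02:00:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:00:10", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:00:22", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:00:35", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:00:50", "event_id": 4625, "logon_type": 10, "user": "svc_sql", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:01:05", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T02:01:45", "event_id": 4624, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.10"},
    {"time": "2021-09-04T09:30:00", "event_id": 4625, "logon_type": 3, "user": "bob", "src_ip": "10.0.0.5"},
    {"time": "2021-09-04T14:00:00", "event_id": 4625, "logon_type": 10, "user": "alice", "src_ip": "198.51.100.7"},
    {"time": "2021-09-04T14:00:12", "event_id": 4625, "logon_type": 10, "user": "alice", "src_ip": "198.51.100.7"},
    {"time": "2021-09-04T14:00:20", "event_id": 4624, "logon_type": 10, "user": "alice", "src_ip": "198.51.100.7"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {src_ip: alert} for addresses with >= threshold failed RDP logons inside window.

    Each alert carries the burst's first/last timestamps, attempt count, the set of
    usernames tried, and `success_after`: the time of a later successful RDP logon from
    the same address, or None. A non-None `success_after` is the page-worthy case.
    """
    recent = defaultdict(deque)  # src_ip -> deque of (timestamp, user) inside the window
    alerts = {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["logon_type"] != REMOTE_INTERACTIVE:
            continue  # only RDP-style logons are of interest here
        t = datetime.fromisoformat(e["time"])
        ip = e["src_ip"]
        if e["event_id"] == FAILED_LOGON:
            q = recent[ip]
            q.append((t, e["user"]))
            while t - q[0][0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                prev = alerts.get(ip)
                alerts[ip] = {
                    "first": q[0][0].isoformat(),
                    "last": t.isoformat(),
                    "attempts": len(q),
                    "users": sorted({u for _, u in q}),
                    "success_after": prev["success_after"] if prev else None,
                }
        elif e["event_id"] == SUCCESSFUL_LOGON and ip in alerts:
            alerts[ip]["success_after"] = t.isoformat()
    return alerts


if __name__ == "__main__":
    import json
    print(json.dumps(detect_rdp_bruteforce(SAMPLE_EVENTS), indent=2))
```

The threshold and window are deliberately low because an exposed RDP endpoint normally sees no failed remote logons at all from the internet; tune them per host, and treat the `success_after` case as an incident rather than a tuning question. Running this over a holiday weekend's logs is the kind of check the advisory is asking for.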

According to Alert (AA21-243A), the FBI and CISA are sharing this information to raise awareness so that organisations are especially diligent in their network defence practices in the run-up to holidays and weekends, based on recent actor tactics, techniques and procedures (TTPs) and on cyber attacks carried out over holidays and weekends during the past few months. Commenting on the joint Alert, anti-ransomware expert Jim McGann of Index Engines made three recommendations:

What the return of REvil, Conti or other variants could mean for backup data: “We have seen some of the techniques attackers have started to use, including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”

How companies can recover from the next attack: “Organisations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging... This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organisation... The only way to ensure reliable recovery is to continually check the integrity of the backup data, this will allow for a confident and rapid recovery process.”

The best thing companies can do to prepare for the inevitable successful attack: “Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target.

“The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with,” said McGann.
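The integrity check McGann describes in the two quotes above comes down to a simple mechanism: record a cryptographic digest of every backup artefact when it is written, keep that manifest authenticated with a key the backup host never holds, and re-verify on a schedule. The code below is an added example and not Index Engines' product or anything from the advisory: it builds an HMAC-authenticated manifest of SHA-256 digests, verifies a backup tree against it, and then plays through the failure modes from the quotes on a constructed directory (one backup image encrypted in place, one deleted, a ransom note dropped, and a forged manifest produced without the key). The directory layout, file contents and the key are all constructed for the example.

```python
"""Backup integrity manifest with an offline HMAC key (added example, not vendor code)."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so multi-gigabyte backup images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _entries_bytes(entries):
    # Canonical encoding so the MAC covers exactly one byte sequence for a given manifest.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(backup_dir, key):
    """Digest every file under backup_dir and authenticate the table with HMAC-SHA256.

    `key` is assumed to live off the backup host (vault, HSM, offline media): an attacker
    who can rewrite backups and the manifest still cannot produce a valid MAC.
    """
    backup_dir = Path(backup_dir)
    entries = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_dir).as_posix()
            entries[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return {"entries": entries, "mac": hmac.new(key, _entries_bytes(entries), "sha256").hexdigest()}


def verify_backups(backup_dir, manifest, key):
    """Check the manifest's MAC, then classify every file as ok / modified / missing / unexpected."""
    expected = hmac.new(key, _entries_bytes(manifest["entries"]), "sha256").hexdigest()
    report = {"manifest_tampered": not hmac.compare_digest(expected, manifest["mac"]),
              "ok": [], "modified": [], "missing": [], "unexpected": []}
    if report["manifest_tampered"]:
        return report  # nothing below can be trusted if the table itself was altered
    backup_dir = Path(backup_dir)
    present = {p.relative_to(backup_dir).as_posix() for p in backup_dir.rglob("*") if p.is_file()}
    for name, meta in sorted(manifest["entries"].items()):
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(backup_dir / name) == meta["sha256"]:
            report["ok"].append(name)
        else:
            report["modified"].append(name)  # encrypted or corrupted in place
    report["unexpected"] = sorted(present - set(manifest["entries"]))
    return report


def demo():
    """Constructed walk-through: clean verify, ransomware-style damage, forged manifest."""
    key = b"constructed-offline-key-not-stored-on-backup-host"  # assumption for the example
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed stand-ins for the targets named in the quotes
            "ad/ntds.dit.bak": b"Active Directory database export",
            "db/products.sql": b"CREATE TABLE products (id INT, name TEXT);",
            "files/contracts.zip": b"PK\x03\x04 constructed archive bytes",
        }
        for name, data in sample.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(data)
        manifest = build_manifest(root, key)
        before = verify_backups(root, manifest, key)

        (root / "db/products.sql").write_bytes(os.urandom(64))   # "encrypted" in place
        (root / "ad/ntds.dit.bak").unlink()                        # backup image deleted
        (root / "HOW_TO_DECRYPT.txt").write_bytes(b"ransom note")  # dropped by the intruder
        after = verify_backups(root, manifest, key)

        # The intruder rebuilds a manifest that matches the damaged tree but has no key.
        forged = build_manifest(root, b"attacker-guess")
        forged_result = verify_backups(root, forged, key)
    return before, after, forged_result


if __name__ == "__main__":
    for label, rep in zip(("before", "after", "forged manifest"), demo()):
        print(label, json.dumps(rep))
```

Two design points matter more than the hashing. First, verification has to run from somewhere the backup software's own service account cannot write to, otherwise the same credentials that let ransomware corrupt the images also let it suppress the check. Second, the manifest should be produced when the backup is written and then re-verified repeatedly, which is what turns "weeks or months of corrupted backups" from a surprise during recovery into an alert on the day it starts.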

Sources: CISA, Oodaloop, Infosecurity Magazine
