FBI & CISA Advice On Ransomware Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly damaging ransomware attacks occurring on holidays and weekends, when offices are normally closed. 

They are encouraging all entities to examine their current cyber security posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

The FBI has also released a warning alerting companies in the food and agricultural sector that they are at high risk for ransomware. The notification stated that these sectors contain critical infrastructure, and that the food supply chain could be negatively impacted should they be targeted by ransomware.

Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. 

According to Alert (AA21-243A), the FBI and CISA are sharing this information so that organisations are especially diligent in their network defence practices in the run-up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and on cyber attacks over holidays and weekends during the past few months. Commenting on the joint Alert, anti-ransomware expert Jim McGann at Index Engines made three recommendations:

What the return of REvil, Conti or other variants could mean for backup data: “We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”

How companies can recover from the next attack: “Organisations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging... This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organisation... The only way to ensure reliable recovery is to continually check the integrity of the backup data; this will allow for a confident and rapid recovery process.”

The best thing companies can do to prepare for the inevitable successful attack: “Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target.

“The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with,” said McGann.
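One way to run the continual backup integrity check described above is to compare each backup with the last one judged clean and flag files that have vanished or whose content has turned encryption-like. This is an added example, not code from the Alert or from Index Engines; the snapshot layout, file names and the 7.5 bits-per-byte entropy cut-off are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off (encrypted data sits near 8.0)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fingerprint(files: dict) -> dict:
    """Map each file name to (SHA-256 hex digest, entropy)."""
    return {name: (hashlib.sha256(body).hexdigest(), entropy(body))
            for name, body in files.items()}

def audit(snapshots: list) -> dict:
    """Check each (label, files) snapshot against the last clean baseline.
    Assumption: the first snapshot is trusted and becomes the first baseline."""
    baseline, last_clean, findings = None, None, []
    for label, files in snapshots:
        current = fingerprint(files)
        bad = []
        for name, (old_hash, old_ent) in (baseline or {}).items():
            if name not in current:
                bad.append((label, name, "missing"))
                continue
            new_hash, new_ent = current[name]
            # A normal edit changes the hash but keeps entropy low; a jump from
            # low to near-random suggests the file was encrypted. Files that are
            # already compressed in the baseline need a different check.
            if new_hash != old_hash and old_ent < ENTROPY_LIMIT <= new_ent:
                bad.append((label, name, "entropy jump"))
        if bad:
            findings.extend(bad)
        else:
            baseline, last_clean = current, label
    return {"last_clean": last_clean, "findings": findings}

# Constructed sample data: four weekly backups held as in-memory dicts.
PLAIN = b"date,invoice,amount\n2021-09-01,1001,250.00\n" * 100
LDIF = b"dn: cn=alice,dc=example,dc=org\n" * 50
CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for encrypted bytes
SNAPSHOTS = [
    ("week1", {"ledger.csv": PLAIN, "ad.ldif": LDIF}),
    ("week2", {"ledger.csv": PLAIN + b"2021-09-08,1002,75.50\n", "ad.ldif": LDIF}),
    ("week3", {"ledger.csv": CIPHER, "ad.ldif": LDIF}),
    ("week4", {"ledger.csv": CIPHER}),
]

if __name__ == "__main__":
    print(audit(SNAPSHOTS))
```

Because every snapshot is compared with the last clean baseline rather than with its immediate predecessor, a backup that merely repeats already-corrupted content is still flagged, and `last_clean` names the restore point to use.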

CISA:        Oodaloop:       Infosecurity Magazine
