FBI & CISA Advice On Ransomware Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly damaging ransomware attacks occurring on holidays and weekends, when offices are normally closed. 

They are encouraging all entities to examine their current cyber security posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

The FBI has also released a warning alerting companies in the food and agricultural sector that they are at high risk of ransomware. The notification stated that the sector contains critical infrastructure, and that a ransomware attack on it could negatively impact the food supply chain.

Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute-forcing unsecured Remote Desktop Protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web.

According to Alert (AA21-243A), the FBI and CISA are sharing this information to raise awareness of the need to be especially diligent in network defence practices in the run-up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and on cyber attacks carried out over holidays and weekends during the past few months. Commenting on the joint Alert, the anti-ransomware expert Jim McGann at Index Engines made three recommendations:

What the return of REvil, Conti or other variants could mean for backup data: “We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”

How companies can recover from the next attack: “Organisations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging... This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organisation... The only way to ensure reliable recovery is to continually check the integrity of the backup data, this will allow for a confident and rapid recovery process.”

The best thing companies can do to prepare for the inevitable successful attack: “Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target.

“The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with,” said McGann.
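McGann's recommendation to continually check the integrity of backup data can be put into practice with a keyed hash manifest. The Python below is an added illustration written for this page; it is not code from the article, from the joint Alert, or from Index Engines. It records a SHA-256 digest for every file under a backup directory, authenticates the manifest itself with an HMAC so that an attacker who corrupts a backup cannot simply rewrite the manifest to match, and on the next check reports files that were modified, deleted or added. The directory layout, file names, contents and key in `demo()` are constructed for the demonstration.

```python
"""Backup integrity manifest: build once, verify continually (added example)."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read backups in 1 MiB chunks so large images do not load into memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(entries):
    """Stable JSON encoding so the HMAC covers exactly one byte sequence per manifest."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(backup_dir, key):
    """Hash every file under backup_dir and sign the table of digests with HMAC-SHA256.

    The key must live off the backup host (e.g. in a write-once vault); a key stored
    beside the backups gives the attacker the means to re-sign a corrupted manifest.
    """
    root = Path(backup_dir)
    entries = {p.relative_to(root).as_posix(): sha256_file(p)
               for p in sorted(root.rglob("*")) if p.is_file()}
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"files": entries, "hmac": tag}


def verify_manifest(backup_dir, manifest, key):
    """Re-hash the backup set and compare with the signed manifest.

    Returns a dict with four fields: manifest_tampered (HMAC mismatch, so the digest
    table cannot be trusted), and sorted lists of missing, modified and unexpected files.
    """
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return {"manifest_tampered": True, "missing": [], "modified": [], "unexpected": []}
    root = Path(backup_dir)
    missing, modified = [], []
    for rel, digest in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            modified.append(rel)
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    return {
        "manifest_tampered": False,
        "missing": sorted(missing),
        "modified": sorted(modified),
        "unexpected": sorted(present - set(manifest["files"])),
    }


def demo():
    """Constructed scenario: a clean check, then corruption plus deletion, then a forged manifest."""
    key = b"constructed-demo-key-store-this-off-the-backup-host"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db").mkdir()
        (root / "db" / "products.sql.gz").write_bytes(b"\x1f\x8b" + b"A" * 4096)  # constructed content
        (root / "ad_system_state.bak").write_bytes(b"B" * 2048)
        (root / "users.tar").write_bytes(b"C" * 1024)
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)

        # Simulate an attacker corrupting one backup and deleting another.
        (root / "db" / "products.sql.gz").write_bytes(b"\x1f\x8b" + b"Z" * 4096)
        (root / "users.tar").unlink()
        damaged = verify_manifest(root, manifest, key)

        # Simulate the attacker also rewriting the digest table to match the corrupted
        # file; without the key the HMAC no longer validates and the manifest is rejected.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["db/products.sql.gz"] = sha256_file(root / "db" / "products.sql.gz")
        forged_result = verify_manifest(root, forged, key)
        return clean, damaged, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "damaged", "forged"), demo()):
        print(label, json.dumps(result))
```

Run `build_manifest` immediately after each backup job completes and `verify_manifest` on a schedule much shorter than the retention window, so that a corrupted set is noticed while an older clean copy still exists. Keep the manifest and the key on a system the backup host cannot write to; the HMAC only helps if the attacker who reaches the backups cannot also reach the key.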

Sources: CISA, Oodaloop, Infosecurity Magazine

