FBI & CISA Advice On Ransomware Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly damaging ransomware attacks occurring on holidays and weekends, when offices are normally closed. 

They are encouraging all entities to examine their current cyber security posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

The FBI has also released a warning alerting companies in the food and agricultural sector that they are at high risk of ransomware. The notification stated that these sectors contain critical infrastructure and that a ransomware attack on them could negatively impact the food supply chain.

Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. 

According to Alert AA21-243A, the FBI and CISA are sharing this information so that organisations are especially diligent in their network defence practices in the run-up to holidays and weekends. The warning is based on recent actor tactics, techniques, and procedures (TTPs) and on cyber attacks over holidays and weekends during the past few months. Commenting on the joint Alert, the anti-ransomware expert Jim McGann at Index Engines made three recommendations:

What the return of REvil, Conti or other variants could mean for backup data: “We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”

How companies can recover from the next attack: “Organisations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging... This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organisation... The only way to ensure reliable recovery is to continually check the integrity of the backup data, this will allow for a confident and rapid recovery process.”

The best thing companies can do to prepare for the inevitable successful attack: “Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target.

“The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with,” said McGann.
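An added example, not taken from the FBI/CISA Alert or from Index Engines: one way to run the continual backup integrity check McGann describes, sketched in Python. It assumes the HMAC key and the manifest are stored off the backup host; the function names and the entropy thresholds (7.5 bits per byte, a jump of 1.0) are illustrative choices.

```python
# Added example: function names and thresholds are illustrative assumptions.
import hashlib, hmac, json, math, os
from collections import Counter

def fingerprint(path):
    """Return (sha256 hex, Shannon entropy in bits/byte) of a file."""
    digest, counts, total = hashlib.sha256(), Counter(), 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            digest.update(block)
            counts.update(block)
            total += len(block)
    ent = -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0
    return digest.hexdigest(), round(ent, 3)

def scan(root):
    """Fingerprint every file under root, keyed by relative path."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = fingerprint(full)
    return out

def manifest_mac(files, key):
    # Keyed MAC so that rewriting the manifest requires the off-host key.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    files = {p: list(v) for p, v in scan(root).items()}
    return {"files": files, "mac": manifest_mac(files, key)}

def verify(root, manifest, key):
    """Return sorted (status, path) findings; an empty list means intact."""
    if not hmac.compare_digest(manifest["mac"], manifest_mac(manifest["files"], key)):
        return [("MANIFEST_TAMPERED", "")]
    current, findings = scan(root), []
    for path, (sha, ent) in manifest["files"].items():
        if path not in current:
            findings.append(("MISSING", path))
        elif current[path][0] != sha:
            # A large entropy jump towards 8 bits/byte suggests encryption.
            now = current[path][1]
            status = "LIKELY_ENCRYPTED" if now > 7.5 and now - ent > 1.0 else "MODIFIED"
            findings.append((status, path))
    findings += [("UNEXPECTED", p) for p in current if p not in manifest["files"]]
    return sorted(findings)
```

Run `build_manifest` when a backup completes and `verify` on a schedule, alerting on any non-empty result.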

Sources: CISA, Oodaloop, Infosecurity Magazine
