FBI & CISA Advice On Ransomware Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly damaging ransomware attacks occurring on holidays and weekends, when offices are normally closed. 

They are encouraging all entities to examine their current cyber security posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

The FBI has also released a warning alerting companies in the food and agricultural sector that they are at high risk for ransomware. The notification stated that the sectors contain critical infrastructures that could negatively impact the food supply chain should they be targeted by ransomware. 

Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. 

According to Alert (AA21-243A), the FBI and CISA are sharing information to provide awareness to be especially diligent in network defence practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyber attacks over holidays and weekends during the past few months. Commenting on the joint Alert, the  anti-ransomware expert Jim McGann at Index Engines  made three recommendations:- 

What the return of REvil, Conti or other variants could mean for backup data:    “We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups.  No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter."   

How companies can recover from the next attack:   “Organisations have relied on their disaster recovery software to restore their environment after an attack.  Cyber criminals know this and are focused on making this process more challenging... This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process.  We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organisation... The only way to ensure reliable recovery is to continually check the integrity of the backup data, this will allow for a confident and rapid recovery process.”

The best thing companies can do to prepare for the inevitable successful attack:    “Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover.  Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property.  This is their target. 

"The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with” said McGann.

CISA:        Oodaloop:       Infosecurity Magazine

You Might Also Read: 

How to Protect Your Files From Ransomware:

 

« Apple Delays Scanning iPhones For Child Abuse
Employee Cyber Security Training Is Vital To Reduce Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

baramundi software

baramundi software

baramundi software AG provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

Acuity Risk Management

Acuity Risk Management

Acuity Risk Management helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Cyber Security Consulting Services to help you secure your mission-critical systems.

Telesign

Telesign

Telesign connect, protect, and defend online experiences with sophisticated digital identity and programmable communications solutions.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

AgilePQ

AgilePQ

AgilePQ visibly secures IoT devices worldwide to protect the privacy, safety, and well-being of all people.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

SecurityBridge

SecurityBridge

SecurityBridge provide a cybersecurity connection between our customers’ IT departments, the forward-facing business services, and their SAP applications.