FBI & CISA Advisory - Dealing With Ransom Attacks

Uploaded on 2023-11-25 in FREE TO VIEW

The leading cyber security agencies in the US have released new data on a ransomware gang known as Scattered Spider - a criminal group that targets large companies and their contracted information technology (IT) help desks. They typically engage in data theft for extortion and have also been known to use BlackCat/ALPHV ransomware alongside their usual TTPs.

Now, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. 

This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. The FBI and CISA encourage critical infrastructure organisations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of a cyber attack by Scattered Spider actors.

Mitigations

These mitigations apply to all critical infrastructure organizations and network defenders. The FBI and CISA recommend that software manufactures incorporate secure-by-design and -default principles and tactics into their software development practices limiting the impact of ransomware techniques, thus, strengthening the secure posture for their customers.

The FBI and CISA recommend that organisations implement the mitigations below to improve your organisation’s cybersecurity posture based on the threat actor activity and to reduce the risk of compromise by Scattered Spider threat actors.

These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organisations implement.

CISA and NIST have based the CPGs on existing cyber security frameworks and guidance to protect against the most common threats, tactics, techniques, and procedures.

Report Ransomware Incidents

FBI and CISA are seeking any information that can be shared, to include a sample ransom note, communications with Scattered Spider group actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file. FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered.

Furthermore, payment may also embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.

Regardless of whether you or your organisation have decided to pay the ransom, in the USA, FBI and CISA urge you to promptly report ransomware incidents to your local FBI Field Office or to  the FBI Internet Crime Complaint Center (IC3). 

CISA:     Oodaloop:     FBI:     ic3:     The Record:     Heimdal:     The Record:     Bleeping Computer

Image: Natalia Blauth

You Might Also Read: 

Halting The Rise Of Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Serious Threats To Britain's Critical Infrastructure
British Library Confirms Ransomware Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

KnowBe4

KnowBe4

KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

CodeShield

CodeShield

CodeShield is a SaaS that helps software developers and security teams secure IAM in the public cloud. With us, you detect IAM privilege escalations easily and achieve least privilege.