FBI & CISA Advisory - Dealing With Ransom Attacks

Uploaded on 2023-11-25 in FREE TO VIEW

The leading cyber security agencies in the US have released new data on a ransomware gang known as Scattered Spider - a criminal group that targets large companies and their contracted information technology (IT) help desks. They typically engage in data theft for extortion and have also been known to use BlackCat/ALPHV ransomware alongside their usual TTPs.

Now, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. 

This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. The FBI and CISA encourage critical infrastructure organisations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of a cyber attack by Scattered Spider actors.

Mitigations

These mitigations apply to all critical infrastructure organizations and network defenders. The FBI and CISA recommend that software manufactures incorporate secure-by-design and -default principles and tactics into their software development practices limiting the impact of ransomware techniques, thus, strengthening the secure posture for their customers.

The FBI and CISA recommend that organisations implement the mitigations below to improve your organisation’s cybersecurity posture based on the threat actor activity and to reduce the risk of compromise by Scattered Spider threat actors.

These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organisations implement.

CISA and NIST have based the CPGs on existing cyber security frameworks and guidance to protect against the most common threats, tactics, techniques, and procedures.

Report Ransomware Incidents

FBI and CISA are seeking any information that can be shared, to include a sample ransom note, communications with Scattered Spider group actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file. FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered.

Furthermore, payment may also embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.

Regardless of whether you or your organisation have decided to pay the ransom, in the USA, FBI and CISA urge you to promptly report ransomware incidents to your local FBI Field Office or to  the FBI Internet Crime Complaint Center (IC3). 

CISA:     Oodaloop:     FBI:     ic3:     The Record:     Heimdal:     The Record:     Bleeping Computer

Image: Natalia Blauth

You Might Also Read: 

Halting The Rise Of Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Serious Threats To Britain's Critical Infrastructure
British Library Confirms Ransomware Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Censornet

Censornet

Censornet's autonomous, integrated cloud security gives mid-market organisations the confidence and control of enterprise-grade cyber protection.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Munio

Munio

Munio is a leading Fortified IT Support and Cyber Security companies in the south east of the UK.

RealmOne

RealmOne

RealmOne addresses the most challenging issues in the realms of defense and cyberspace, adapting to the continuously changing demands of our national security customers.