Authorities have warned about the global surge of ransomware campaigns

February 14, 2022

The FBI, NSA, and CISA, together with cybersecurity authorities from Australia and the UK, have released a joint advisory on the increasingly sophisticated ransomware campaigns observed worldwide. According to the report, many high-severity ransomware attacks targeted critical infrastructure organisations in several nations last year.

The advisory noted that the attackers did not favour any particular part of a country's economy when choosing whom to infect. Sectors as varied as emergency services, government facilities, healthcare providers, education, energy, agriculture, IT firms, public services, and legal institutions all had their share of these campaigns, which is why the authorities said the attacks did not single out a specific type of organisation.

The top three initial access vectors that threat actors used to deploy ransomware on compromised networks were brute-forced RDP, vulnerability exploitation, and spear-phishing. These three remained the most used entry methods despite the growth of the criminal business model of the cybercriminal underground.
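A defender-side check that follows from the brute-forced RDP vector named above, added here as an example and not taken from the advisory or the article: it scans constructed, simplified Windows Security event lines (EventID 4625 failed logons with LogonType 10, i.e. RDP) and flags source addresses that exceed a failure threshold within a sliding time window. The line format, thresholds, and sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified event lines (assumption: real exports carry many more
# fields). EventID 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2022-02-14T03:10:01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2022-02-14T03:10:03 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
2022-02-14T03:10:05 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2022-02-14T03:10:08 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
2022-02-14T03:10:11 EventID=4625 LogonType=10 TargetUserName=svc_rdp IpAddress=203.0.113.7
2022-02-14T03:10:14 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2022-02-14T03:12:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.22
2022-02-14T03:12:20 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.22
2022-02-14T03:13:00 EventID=4625 LogonType=3 TargetUserName=fileshare IpAddress=192.0.2.9
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<id>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse_events(lines):
    """Yield (timestamp, event_id, logon_type, user, ip); skip malformed lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), int(m["id"]),
                   int(m["lt"]), m["user"], m["ip"])


def rdp_brute_force_sources(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: (max_failures_in_window, usernames_tried)} for sources whose
    failed RDP logons reach `threshold` within any sliding `window`."""
    failures = defaultdict(list)
    for ts, eid, lt, user, ip in parse_events(lines):
        if eid == 4625 and lt == 10:          # failed RDP logon only
            failures[ip].append((ts, user))
    flagged = {}
    for ip, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1                      # slide window forward
            count = end - start + 1
            if count >= threshold and count > flagged.get(ip, (0,))[0]:
                flagged[ip] = (count, {u for _, u in attempts[start:end + 1]})
    return flagged
```

The user-name set is kept because a single source cycling through several accounts (password spraying) is a stronger signal than repeated failures on one account.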

The ransomware campaigns abused a three-staged extortion method.

The agencies also said that the ransomware threat actors turned to triple extortion after encrypting their victims' networks: threatening to publicly release stolen data, to disrupt the victims' internet access, and to disclose the intrusion to the victims' partners, shareholders, and suppliers.

Moreover, a report from a separate researcher stated that approximately 150 TB of data had been stolen from multiple organisations by ransomware groups over three years. Notably, the REvil ransomware alone accounted for about 44.1 TB of those 150 TB, taken from 282 victims, despite the group's recent shutdown.

The joint advisory from the cybersecurity authorities recommends that organisations keep all operating systems updated, limit access to resources over internal networks, restrict RDP, use virtual desktop infrastructure, and raise awareness among workers of phishing risks.

It is also recommended to encrypt data in the cloud, enforce MFA, disable unneeded command-line utilities, mandate network segmentation, and maintain secure offline backups to mitigate the impact of an attack.

The agencies warned that ransomware attacks are primarily financially driven. If victims keep paying ransom demands, it only encourages these criminals to target further entities in the future.

Furthermore, a ransom payment does not guarantee that a victim will recover their stolen files. Victims should therefore contact experts and law enforcement agencies before hastily paying the ransom the attackers demand.

Reporting these crimes raises the chance of recovering stolen files without paying and also disrupts the cybercriminals' business model, reducing their financial gain and hampering their attacks.
