A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) has warned that an infamous ransomware group has targeted multiple organisations deemed critical infrastructure, including two organisations in the U.S. food and agriculture sector. The advisory includes technical details, analysis, and assessment of this cyber threat, as well as several mitigation actions that can be taken to reduce the risk from this ransomware.
Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organisations, including critical infrastructure organisations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organisations reduce the risk of compromise from ransomware attacks.
The ransomware was first seen in July 2021. Cyber actors have used it with embedded, previously compromised credentials that enabled them to access the network and remotely encrypt hosts and shared drives. When the actors found backup data stores and appliances on the network that were not stored offsite, they wiped or reformatted the data.
This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks. CISA, FBI and NSA are taking every step possible to try to make it harder for cybercriminals to operate. Americans can help us in this long-term endeavour by visiting StopRansomware.gov to learn how to reduce their risk of becoming a victim of ransomware.
– Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA
As reported by OpenGov Asia, StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organisations. The new website is a collaborative effort across the federal government and the first joint website created to help private and public organisations mitigate their ransomware risk.
The website is the first central hub consolidating ransomware resources from all federal government agencies. Prior to today, individuals and organisations had to visit a variety of websites to find guidance, latest alerts, updates, and resources, increasing the likelihood of missing important information.
The website reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack. The website integrates federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies.
The FBI, along with CISA and NSA, is dedicated to preventing, disrupting, and combating the evolving ransomware threat. Unfortunately, too many ransomware incidents go unreported, and because silence benefits the cybercriminals the most, targeted entities need to contact their local FBI Field Office and speak to a cyber agent.
By reporting a cyber incident, targeted entities are enhancing the agencies’ ability to respond and investigate with the goal of disrupting cybercriminal operations. We will continue to leverage our unique authorities and capabilities to protect the American people from this threat.
The threat of ransomware goes beyond specific impacts to a victim company – it has risen to a national security issue. NSA’s technical skills and threat intelligence will continue to support its partners across government and industry to degrade adversary footholds into networks where they launch ransomware. Employing the mitigations in the joint advisory with CISA and FBI will protect networks and mitigate the risk against ransomware attacks.
CISA, FBI and NSA are unified in emphasising the value and importance for organisations of applying best practices to protect their networks, systems and data, such as: (1) implementing and enforcing backup procedures; (2) using strong, unique passwords; (3) using multi-factor authentication; and (4) implementing network segmentation and traversal monitoring. All organisations striving to protect their networks from a ransomware attack and ensure their systems are resilient should read the joint advisory for the full spectrum of recommended mitigations.