In 2021, 14 of the 16 U.S. critical infrastructure sectors were hit with ransomware, according to the CISA, FBI and NSA in a new report. And it’s not just happening the U.S., Australia’s critical infrastructure entities have been hit, as well as in the U.K.
The education sector was one of the top U.K. sectors targeted by ransomware attacks, according to cyber security officials. The U.K. has also seen ransomware attacks targeting businesses, charities, legal profession, public services, government, and the health sector.
Ransomware tactics and techniques are continuing to evolve and place an immediate threat to organizations globally.
Cyber security authorities have noted and rounded up the following behaviors and trends among cybercriminals:
Cyber criminals are increasingly gaining access to networks via phishing, stolen remote desktop protocols (RDP) credentials or brute force, and exploiting vulnerabilities. Phishing emails, RDP exploitation, and exploitation of software vulnerabilities remain the top three initial infection vectors for ransomware incidents in 2021, according to CISA. The increased use of remote work that started in 2020 has attributed to this.
Using cyber criminals for hire. Officials warn that the market for ransomware is becoming increasingly professional. In addition to the increased use of ransomware-as-a-service, ransomware threat actors have set up independent services to negotiate payments with victims, assist victims with making payments, and arbitrate payment disputes between themselves and other cybercriminals.
U.K. officials have also observed ransomware threat actors offering their victims to services of a 24/7 help center to expedite ransom payments and the restoration of encrypted systems or data.
Related: Education Is The Most Targeted For Ransomware
Officials continue to warn to never pay a ransom; it confirms the viability and financial attractiveness of the lucrative criminal business model.
Shift from large organizations to mid-size companies. In the first half of 2021, cyber security authorities in the U.S. and Australia observed ransomware threat actors targeting large organizations (e.g. Colonial Pipeline, JBS foods and Kaseya). The FBI is now observing ransomware threat actors redirecting ransomware efforts away from large organizations to mid-sized victims to reduce scrutiny.
Triple extortion threats. Once threat actors encrypt a victims’ network, they then threaten to publicly release sensitive information or disrupt the victims’ internet access. Lastly, they will threat to inform the victims partners, shareholders or suppliers about the incident.
Ransomware groups have increased their impact by targeting the cloud, targeting managed service providers, attacking industrial processes, and attacking the software supply chain, and targeting organizations on holidays and weekends.
Here’s a short list of actions IT pros can take now to protect against ransomware:
- Update operating systems and software
- Implement user training and fishing exercises to raise awareness about their risk of suspicious links and attachments
- If you use remote desktop protocol, secure, and monitor it
- Make an offline backup of all data
- Use multifactor authentication
For more information on mitigations and how to respond to a ransomware attack, read CISA’s Alert (AA22-040A).
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply