[CDP-development] CISA, FBI, NSA and International Partners Issue Joint Cybersecurity Advisory on Global Ransomware Trends from 2021

[MASSE, THERESA]

FYSA

With the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), we issued a Joint Cybersecurity Advisory<https://go.usa.gov/xtGXV> outlining the growing international threat posed by ransomware over the past year. The observations in this advisory demonstrates cyber criminals’ growing technological sophistication and the increased ransomware threat to organizations globally.

The advisory titled “2021 Trends Show Increased Globalized Threat of Ransomware” outlines top trends seen across three nations including:
·       Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting software vulnerabilities.
·       The market for ransomware became increasingly “professional” and there has been an increase in cybercriminal services-for-hire.
·       More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks.
·       Cybercriminal are diversifying their approaches extorting money.
·       Ransomware groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain.
·       Ransomware groups are increasingly targeting organizations on holidays and weekends.

Phishing emails, remote desktop protocol (RDP) exploitation, and exploiting of known vulnerabilities in software remained the top three initial infection vectors for gaining access. Once a ransomware threat actor has gained network access, they can deploy ransomware.

Importantly, today’s Cybersecurity Advisory also lays out mitigations to help network defenders reduce their risk of compromise, appropriate responses to ransomware attacks, and key resources from each respective cyber agency. Immediate actions that can be taken now are ensuring timely patching of all operating software and software; implementing a user training program that includes recognizing and reporting suspicious emails; securing and monitoring remote desktop protocol, if used; and maintaining an offline backup of your data.

We are strongly encouraging every executive and leader to ensure their business, organization, or government agency is taking appropriate action to reduce their risk to ransomware. Stopransomware.gov is a dedicated website<https://www.stopransomware.gov/> established by CISA to be a one-stop hub where public and private sector partners can find U.S. federal government resources on reducing risk to ransomware or responding to a ransomware attack. CISA welcomes your feedback on this website and its contents.


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D81D84.8030A5B0]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220209/f698dbd8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220209/f698dbd8/attachment-0001.png>