<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:184101342;
        mso-list-template-ids:-1340297958;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">With the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United
 Kingdom’s National Cyber Security Centre (NCSC-UK), we issued a </span><span style="font-family:"Franklin Gothic Book",sans-serif"><a href="https://go.usa.gov/xtGXV" target="_blank"><span style="color:#0563C1">Joint Cybersecurity Advisory</span></a><span style="color:black"> outlining the growing
 international threat posed by ransomware over the past year. The observations in this advisory demonstrates cyber criminals’ growing technological sophistication and the increased ransomware threat to organizations globally. </span><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">The advisory titled “2021 Trends Show Increased Globalized Threat of Ransomware” outlines top trends seen across three nations including:  </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting
 software vulnerabilities. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">The market for ransomware became increasingly “professional” and there has been an increase in cybercriminal services-for-hire. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Cybercriminal are diversifying their approaches extorting money. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Ransomware groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software
 supply chain. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Ransomware groups are increasingly targeting organizations on holidays and weekends. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Phishing emails, remote desktop protocol (RDP) exploitation, and exploiting of known vulnerabilities in software remained the top three
 initial infection vectors for gaining access. Once a ransomware threat actor has gained network access, they can deploy ransomware. </span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Importantly, today’s Cybersecurity Advisory also lays out mitigations to help network defenders reduce their risk of compromise, appropriate
 responses to ransomware attacks, and key resources from each respective cyber agency. </span><span style="font-family:"Franklin Gothic Book",sans-serif">Immediate actions that can be taken now are ensuring timely patching of all operating software and software;
 implementing a user training program that includes recognizing and reporting suspicious emails; securing and monitoring remote desktop protocol, if used; and maintaining an offline backup of your data.  <o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">We are strongly encouraging every executive and leader to ensure their business, organization, or government agency is taking appropriate action
 to reduce their risk to ransomware. Stopransomware.gov is a <a href="https://www.stopransomware.gov/" target="_blank"><span style="color:#0563C1;background:#E1E3E6">dedicated website</span></a></span><span style="font-family:"Arial",sans-serif"> </span><span style="font-family:"Franklin Gothic Book",sans-serif">established by
 CISA to be a one-stop hub where public and private sector partners can find U.S. federal government resources on reducing risk to ransomware or responding to a ransomware attack. CISA welcomes your feedback on this website and its contents.   <o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D81D84.8030A5B0"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:baseline"><o:p> </o:p></p>
</div>
</body>
</html>