On February 9, 2022, multiple federal and international agencies issued a joint alert on new ransomware trends from 2021.
The alert, 2021 Trends Show Increased Globalized Threat of Ransomware (AA22-040A), was issued jointly by the Cybersecurity and Infrastructure Agency (CISA), National Security Agency, FBI, Australian Cyber Security Centre and the United Kingdom’s National Cyber Security Centre.
The alert provides a comprehensive breakdown of the top trends recorded last year by the US, Australia and UK, including:
Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting software vulnerabilities
The market for ransomware became increasingly “professional” and there was an increase in cybercriminal services-for-hire
More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks
Cybercriminals are diversifying their approaches to extorting money.
Ransomware groups are having a larger impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain.
Ransomware groups are increasingly targeting organizations on holidays and weekends.
The advisory goes more in-depth with technical trends including new tactics used to gain access to networks, information sharing, the emergence of “triple extortion” and moving away from “big-game” targets in the United States.
“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said CISA Director Jen Easterly. “Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defense agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.”
The alert also shares how ransomware groups increased the impact of their attacks in 2021, including targeting weekends and holidays, and attacking industrial processes and software supply chain. As many recall, REvil used all three strategies to carry out the largest ransomware attack in the United States history over the 2021 Fourth of July holiday weekend.
More importantly, the alert shares mitigation recommendations from each agency to help reduce the risk and impact of a ransomware attack. Some of the top recommendations include:
Keeping all operating systems and software up to date
If you use RDP or other potentially risky services, secure and monitor them closely
If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Share
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.