The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.
The two federal agencies said they “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021.”
Attacks on high-profile US entities carried out during weekends
While the FBI and CISA have no information regarding potential attacks over upcoming holidays and weekends, they gave as examples the attacks on the networks of Colonial Pipeline, JBS, and Kaseya.
JBS, the world’s largest beef producer, paid an $11 million ransom to the REvil ransomware gang after a Memorial Day weekend attack.
Colonial Pipeline also paid a $4.4 million ransom to the DarkSide group (the Department of Justice later seized a DarkSide cryptocurrency wallet, recovering most of the paid ransom) after being attacked right before the Mother’s Day weekend.
One month later, a large-scale REvil ransomware attack also hit dozens of Kaseya customers and up to 1,500 other downstream businesses over the Fourth of July weekend.
As shared by the FBI and CISA in their advisory:
- In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
- In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage.
- In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.
CISA can help defend against ransomware attacks
According to the joint advisory issued today, the following ransomware gangs are behind the most frequently reported attacks to the FBI over the last month: Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, Crysis/Dharma/Phobos.
“Although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints,” the agencies said.
“CISA offers a range of no-cost cyber hygiene services—including vulnerability scanning and ransomware readiness assessments—to help critical infrastructure organizations assess, identify, and reduce their exposure to cyber threats.
“By taking advantage of these services, organizations of any size will receive recommendations on ways to reduce their risk and mitigate attack vectors.”
To block their attacks, organizations can also take several actions to protect their systems, including:
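The advisory names brute forcing of exposed RDP endpoints as one of the two most common initial access vectors, and its central point is that these attempts tend to land when nobody is watching. The script below is an added example, not code from the advisory or from the agencies: it parses a constructed, simplified export of Windows Security events (Event ID 4625 failed logon, 4624 successful logon, LogonType 10 for RDP), flags any source address that racks up a burst of failed RDP logons inside a short window, notes whether a successful logon from the same address followed the burst, and tags whether the burst began on a weekend so that an on-call rotation can be checked against the timing the advisory warns about. The log format, addresses, account names and timestamps are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in a simplified Windows Security log export format (not real data).
# EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
# 2021-09-04 is a Saturday, chosen to mirror the weekend timing the advisory describes.
SAMPLE_LOG = """\
2021-09-04T02:01:10Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.10
2021-09-04T02:01:12Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.10
2021-09-04T02:01:15Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.10
2021-09-04T02:01:19Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.10
2021-09-04T02:01:23Z EventID=4625 LogonType=10 TargetUser=sysadmin SourceIP=203.0.113.10
2021-09-04T02:01:30Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.10
2021-09-04T02:02:41Z EventID=4624 LogonType=10 TargetUser=administrator SourceIP=203.0.113.10
2021-09-04T02:03:00Z EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2021-09-04T02:03:20Z EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2021-09-06T09:15:00Z EventID=4625 LogonType=2 TargetUser=jdoe SourceIP=10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_events(text):
    """Parse the simplified log format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "eid": int(m["eid"]),
            "logon_type": int(m["lt"]),
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with at least `threshold` failed RDP logons inside `window`.

    Returns {ip: {"failures", "users", "success_after", "first_seen", "weekend"}}.
    Only LogonType 10 (RDP) events are considered; console or network logons are ignored.
    """
    failed = defaultdict(list)
    success = defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:
            continue
        if e["eid"] == 4625:
            failed[e["ip"]].append(e)
        elif e["eid"] == 4624:
            success[e["ip"]].append(e["ts"])

    alerts = {}
    for ip, evs in failed.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window: does any run of `threshold` consecutive failures fit inside `window`?
        for i in range(len(evs) - threshold + 1):
            if evs[i + threshold - 1]["ts"] - evs[i]["ts"] <= window:
                burst = evs[i:]  # everything from the start of the burst onward
                start = evs[i]["ts"]
                alerts[ip] = {
                    "failures": len(burst),
                    "users": sorted({e["user"] for e in burst}),
                    # a success from the same address after the burst began is the
                    # highest-priority signal: the guessing may have worked
                    "success_after": any(t > start for t in success[ip]),
                    "first_seen": start,
                    # weekday() 5/6 = Saturday/Sunday; public holidays need a separate calendar
                    "weekend": start.weekday() >= 5,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, a in find_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {a['failures']} failed RDP logons against {len(a['users'])} accounts, "
              f"success afterwards={a['success_after']}, weekend={a['weekend']}")
```

The threshold and window are deliberately conservative defaults; tune them against your own baseline of mistyped passwords, and feed the same events through whatever alerting already exists rather than running a script by hand. The `success_after` flag is the one worth paging on, since a burst of failures followed by a success from the same address is exactly the pattern that precedes hands-on-keyboard activity. Weekend tagging only covers Saturdays and Sundays; holidays such as the ones the advisory lists need an explicit calendar.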
Incoming ransomware pandemic?
This joint advisory comes after US President Biden asked Russian President Putin in July to crack down on ransomware groups operating within Russia’s borders.
Interpol also urged police agencies and industry partners to work together to prevent what looks like a future ransomware pandemic.
During a White House briefing, White House Press Secretary Jen Psaki also stated that the US would take action against Russian-based ransomware gangs if “the Russian government cannot or will not” do it.
One month earlier, Deputy National Security Advisor Anne Neuberger warned US companies to take ransomware seriously following the Colonial Pipeline and JBS ransomware attacks.
The same month, G7 leaders also asked Russia to disrupt ransomware gangs launching attacks against entities from critical sectors worldwide, including US government agencies, from within Russia’s borders.