CISA, FBI, NSA and International Agencies Issue a New Ransomware Trend Advisory

On February 9, 2022, multiple federal and international agencies issued a joint alert on new ransomware trends from 2021.

The alert, 2021 Trends Show Increased Globalized Threat of Ransomware (AA22-040A), was issued jointly by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, FBI, Australian Cyber Security Centre and the United Kingdom’s National Cyber Security Centre.

The alert provides a comprehensive breakdown of the top trends recorded last year by the US, Australia and UK, including:

  • Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploiting software vulnerabilities
  • The market for ransomware became increasingly “professional” and there was an increase in cybercriminal services-for-hire
  • More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks
  • Cybercriminals are diversifying their approaches to extorting money.
  • Ransomware groups are having a larger impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain.
  • Ransomware groups are increasingly targeting organizations on holidays and weekends.

The advisory goes into more depth on technical trends, including new tactics used to gain access to networks, information sharing, the emergence of “triple extortion” and a move away from “big-game” targets in the United States.

“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said CISA Director Jen Easterly. “Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defense agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.”

The alert also shares how ransomware groups increased the impact of their attacks in 2021, including targeting weekends and holidays, and attacking industrial processes and the software supply chain. As many recall, REvil used all three strategies to carry out the largest ransomware attack in United States history over the 2021 Fourth of July holiday weekend.

More importantly, the alert shares mitigation recommendations from each agency to help reduce the risk and impact of a ransomware attack. Some of the top recommendations include:

  • Keeping all operating systems and software up to date
  • If you use RDP or other potentially risky services, secure and monitor them closely
  • If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth
  • Collecting telemetry from cloud environments

The full version of the alert is available at https://www.cisa.gov/uscert/ncas/alerts/aa22-040a.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
