Cybersecurity agencies from the U.K., the U.S. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021.
Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.
“In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.” reads the joint advisory. “Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.”
The report also provides details about observed behaviors and trends among cyber criminal organizations in 2021, phishing attacks, stolen Remote Desktop Protocols (RDP) credentials or brute force, and the exploitation of vulnerabilities are the most popular infection vectors.
The agencies warn of the use of cybercriminal services-for-hire, highlighting that the market for ransomware is becoming increasingly “professional.” Ransomware gangs increased in using ransomware-as-a-service (RaaS) model, they also started employing independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals.
Another phenomenon that characterized the last year is an important shift from “big-game” hunting in the United States (i.e. Colonial Pipeline, JBS, and Kaseya) to mid-sized victims and evade the law enforcement’s scrutiny.
Law enforcement also observed ransomware gangs diversifying approaches to extorting money, such as the use of “triple extortion” by threatening to publicly release stolen sensitive information, while disrupting the victim’s internet access and/or informing the victim’s partners, shareholders, or suppliers about the security breach.
Below is the list of mitigations recommended by the cybersecurity agencies:
The agencies urge victims of ransomware to report incidents and never pay the ransom.
“Cybersecurity authorities in the United States, Australia, and the United Kingdom strongly discourage paying a ransom to criminal actors.” concludes the advisory. “Criminal activity is motivated by financial gain, so paying a ransom may embolden adversaries to target additional organizations or encourage cyber criminals to engage in the distribution of ransomware. Paying the ransom also does not guarantee that a victim’s files will be recovered. Additionally, reducing the financial gain of ransomware threat actors will help disrupt the ransomware criminal business model.”
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, ransomware)