US, UK Cyber Agencies Saw Increased Globalized Ransomware Threat In 2021 - Advisory

WASHINGTON (Pakistan Point News / Sputnik - 09th February, 2022) The cybersecurity authorities in the United States, United Kingdom and Australia saw an increased globalized ransomware threat in 2021, the three countries said in a joint advisory on Wednesday.

"The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors, including the defense industrial base, emergency services, food and agriculture, government facilities, and Information Technology sectors," the advisory said.

The Australian authorities saw continued ransomware targeting of the nation's critical infrastructure, including the healthcare and financial systems, the advisory said. Similarly, UK cybersecurity authorities recognized ransomware as the biggest cyber threat to the country, it added.

Major trends show that cybercriminals are gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, as well as by exploiting software vulnerabilities, the advisory noted.

"Phishing emails, RDP exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents in 2021. Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware," the advisory said.

Cybercriminals also improved their capabilities by employing independent services to negotiate payments, assist victims with making the payments and arbitrate payment disputes between themselves and other bad actors. The UK authorities said they observed some ransomware threat actors offering their victims the services of a 24/7 help center to expedite ransom payments and restore encrypted systems or data, the advisory said.

The three countries accused Eurasian-based ransomware groups of sharing victim information with each other.

"For example, after announcing its shutdown, the BlackMatter ransomware group transferred its existing victims to infrastructure owned by another group, known as Lockbit 2.0. In October 2021, Conti ransomware actors began selling access to victims' networks, enabling follow-on attacks by other cyber threat actors," the advisory said.

Cybersecurity authorities recommended that vulnerable businesses follow a special Ransomware Response List, scan backup data with an antivirus program to check that it is free of malware, and report incidents to the respective agencies.