The National Cyber Investigative Joint Task Force (NCIJTF) published a ransomware fact sheet to raise awareness of the ransomware threat and offer information that can be used to prevent and mitigate attacks.
An interagency group of over 15 government agencies created the fact sheet, which is mainly designed for use by state, local, tribal and territorial governments, fire and police departments, and critical infrastructure agencies. The fact sheet was released as part of the “Reduce the Risk of Ransomware Campaign” launched by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) in January 2021.
The fact sheet provides information such as:
- the effect of ransomware attacks on the public sector
- data on U.S. government initiatives to fight ransomware threats
- the most prevalent methods used by threat actors to gain access to systems and deploy ransomware payloads, which include phishing emails and vulnerabilities in the Remote Desktop Protocol (RDP) and software.
Phishing emails contain either a malicious hyperlink or a file attachment. When a user opens the attachment or follows the hyperlink, code is executed that downloads a malicious payload. The payload could be ransomware or a malware variant that will eventually be used to deploy the ransomware. A new report from Coveware states that phishing emails are currently used more often for ransomware delivery than the exploitation of RDP vulnerabilities.
RDP lets remote workers access resources and information online, and attackers exploit RDP vulnerabilities to gain that same access. Brute force techniques are frequently employed to guess weak passwords. Sometimes attackers buy stolen credentials on darknet marketplaces to remotely access networks and deploy malware or ransomware. Although it is less common, attackers also exploit software vulnerabilities to take control of victim systems and deploy ransomware.
Many recent ransomware attacks have been highly sophisticated and targeted. Although it is impossible to eliminate risk completely, the majority of ransomware attacks can be prevented by following these cybersecurity best practices:
- Backing up data, checking the backups, and making sure a copy is stored safely offline.
- Employing multifactor authentication.
- Updating and patching all software programs and systems.
- Making sure security solutions like antivirus software programs are up to date.
- Creating, examining, and evaluating an incident response plan.
The ransomware fact sheet is available here.
More information on preventing and mitigating ransomware attacks can be found on CISA’s page.