U.S. Agencies Publish Ransomware Factsheet

The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation.

The factsheet was developed by an interagency group of ransomware experts from more than 15 government agencies, and is meant to help raise awareness of the threat that ransomware poses to critical infrastructure.

The two-page document explains that, in addition to encrypting the data on victim systems to make it unusable, ransomware operators might also pressure victims into paying the ransom by threatening to destroy the data or release it to the public.

Ransomware attacks affect all sectors, including state, local, tribal, and territorial governments, and also impact hospitals, police, fire departments, municipalities, and other critical infrastructure.

Common ransomware infection vectors, the document explains, include email phishing campaigns (in which victims receive messages with malicious attachments or links to ransomware), remote desktop protocol (RDP) misconfigurations, and software vulnerabilities.

Ransomware has already had a great impact on the public sector, yet the total costs associated with a ransomware infection are often difficult to calculate, as they involve not only the ransom paid, but also recovery and possibly additional costs.

While one U.S. county ended up paying $132,000 to Ryuk operators to recover encrypted systems, another spent $1 million to rebuild its systems using new equipment instead of paying a $1.2 million ransom.

One U.S. city that refused to pay the 13 Bitcoin (approximately $76,000) ransom to Robin Hood ransomware operators, however, ended up spending more than $9 million to restore systems and services.

Using multi-factor authentication, ensuring that systems are always updated and patched, and keeping data, system images, and configurations backed up should help minimize risks associated with ransomware.

The FBI says that ransomware victims should not pay the ransom, as this does not guarantee that data is recovered, but instead encourages cybercriminals to target more individuals and organizations. Victims are encouraged to report attacks, to help track ransomware operators.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
