U.S. Agencies Publish Ransomware Factsheet

The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation.

The factsheet was developed by an interagency group of ransomware experts from more than 15 government agencies, and is meant to help increase awareness of the threat that ransomware poses to critical infrastructure.

The two-page document explains that, in addition to encrypting the data on victim systems to make it unusable, ransomware operators might also pressure victims into paying the ransom by threatening to destroy the data or release it to the public.

Ransomware attacks affect all sectors, including state, local, tribal, and territorial governments, as well as hospitals, police, fire departments, municipalities, and other critical infrastructure.

Common ransomware infection vectors, the document explains, include email phishing campaigns (in which victims receive messages with malicious attachments or links to ransomware), remote desktop protocol (RDP) misconfigurations, and software vulnerabilities.

Ransomware has already had a great impact on the public sector, yet the total costs associated with a ransomware infection are often difficult to calculate, as they involve not only the ransom paid, but also recovery and possibly additional costs.

While one U.S. county ended up paying $132,000 to Ryuk operators to recover encrypted systems, another spent $1 million to rebuild its systems using new equipment instead of paying a $1.2 million ransom.

One U.S. city that refused to pay the 13 Bitcoin (approximately $76,000) ransom to Robin Hood ransomware operators, however, ended up spending more than $9 million to restore systems and services.

Using multi-factor authentication, ensuring that systems are always updated and patched, and keeping data, system images, and configurations backed up should help minimize risks associated with ransomware.

The FBI says that ransomware victims should not pay the ransom, as this does not guarantee that data is recovered, but instead encourages cybercriminals to target more individuals and organizations. Victims are encouraged to report attacks, to help track ransomware operators.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
