U.S. Agencies Publish Ransomware Factsheet

The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation.

The factsheet was developed by an interagency group of ransomware experts from more than 15 government agencies, and is meant to help increase awareness of the threat that ransomware poses to critical infrastructure.

The two-page document explains that, in addition to encrypting the data on victim systems to make it unusable, ransomware operators might also pressure victims into paying the ransom by threatening to destroy the data or release it to the public.

Ransomware attacks affect all sectors, including state, local, tribal, and territorial governments, and also impact hospitals, police, fire departments, municipalities, and other critical infrastructure.

Common ransomware infection vectors, the document explains, include email phishing campaigns (in which victims receive messages with malicious attachments or links to ransomware), remote desktop protocol (RDP) misconfigurations, and software vulnerabilities.

Ransomware has already had a great impact on the public sector, yet the total costs associated with a ransomware infection are often difficult to calculate, as they involve not only the ransom paid, but also recovery and possibly additional costs.

While one U.S. county ended up paying $132,000 to Ryuk operators to recover encrypted systems, another spent $1 million to rebuild its systems using new equipment instead of paying a $1.2 million ransom.

One U.S. city that refused to pay the 13 Bitcoin (approximately $76,000) ransom to Robin Hood ransomware operators, however, ended up spending more than $9 million to restore systems and services.

Using multi-factor authentication, ensuring that systems are always updated and patched, and keeping data, system images, and configurations backed up should help minimize risks associated with ransomware.

The FBI says that ransomware victims should not pay the ransom, as this does not guarantee that data is recovered, but instead encourages cybercriminals to target more individuals and organizations. Victims are encouraged to report attacks, to help track ransomware operators.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
