CISA, FBI, NSA and International Partners Issue Advisory on Ransomware Trends From 2021

The Cybersecurity and Infrastructure Security Agency ("CISA"), along with the Federal Bureau of Investigation ("FBI"), National Security Agency ("NSA"), Australian Cyber Security Centre ("ACSC"), and the United Kingdom’s National Cyber Security Centre ("NCSC-UK") issued a joint Cybersecurity Advisory outlining the growing international threat posed by ransomware over the past year. 

The advisory titled “2021 Trends Show Increased Globalized Threat of Ransomware” outlines top trends seen across three nations including: 

• Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting software vulnerabilities.
• The market for ransomware became increasingly “professional” and there has been an increase in cybercriminal services-for-hire.
• More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks.
• Cybercriminal are diversifying their approaches extorting money.
• Ransomware groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain.
• Ransomware groups are increasingly targeting organizations on holidays and weekends.

Importantly, the Cybersecurity Advisory also lays out mitigations to help network defenders reduce their risk of compromise, appropriate responses to ransomware attacks, and key resources from each respective cyber agency. 

“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said CISA Director Jen Easterly. “Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defense agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience. With our NCSC-UK, ACSC, FBI, and NSA partners, we urge organizations to review this advisory, visit stopransomware.gov to take action to strengthen their cybersecurity posture, and report unusual network activity or cyber incidents to government authorities.” 

“The FBI is committed to protecting the public from the rise in ransomware attacks that we have seen in recent years,” said Assistant Director Bryan Vorndran of the FBI's Cyber Division. “With our partners in and outside of government, the FBI is working to bring all our tools to bear against these criminals. It is critical for business leaders across industries and the public to take action immediately to harden their systems and work with law enforcement to tackle this threat.” 

“When critical infrastructure is held at risk by foreign hackers operating from a safe haven in an adversary country, that’s a national security problem,” said NSA Cybersecurity Director Rob Joyce. “The ransomware scourge is a significant focus area for NSA as we generate insights alongside our partners. Network defenders should take action on the mitigations in the advisory.” 

“Ransomware remains one of the most disruptive cyber threats to organisations and individuals. This global problem requires a global solution. That is why the ACSC is joining with our US and UK partners to issue this advisory, providing a coordinated global response to counter these cyber threats. It is critical that individuals, businesses and industry follow the advice and mitigation strategies in this joint advisory to strengthen your networks and uplift your defences to protect yourselves against this threat”,” said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. 

“Ransomware is a rising global threat with potentially devastating consequences but there are steps organisations can take to protect themselves,” said NCSC CEO Lindy Cameron. “To help ensure organisations are aware of the threat and how to defend themselves we have joined our international partners to set out the very latest threat picture alongside key advice. I strongly encourage UK CEOs and Boards to familiarise themselves with this alert and to ensure their IT teams are taking the correct actions to bolster resilience.” 

Immediate actions that can be taken now include: ensuring timely patching of all operating software; implementing a user training program that includes recognizing and reporting suspicious emails; securing and monitoring remote desktop protocol, if used; and maintaining an offline backup of your data. Organizations large and small should visit www.StopRansomware.gov, the U.S. federal government’s one-stop-shop for resources on how to protect yourself from becoming a victim of ransomware.