The FBI has issued a critical advisory in light of a surge in ransomware attacks compromising 210 organizations across various sectors.
At a Glance
- Ransomware is malicious software that encrypts files and demands a ransom for the decryption key; most current operators also steal data and threaten to publish it.
- The RansomHub ransomware gang has claimed at least 210 victims since it emerged in February 2024.
- Notable victims include UnitedHealth Group and Halliburton.
- The FBI advises immediate protective actions: apply updates, enforce phishing-resistant multi-factor authentication, and train users to recognise phishing.
- Iran-based actors continue to broker network access to ransomware affiliates targeting U.S. organizations.
FBI Advisory on Ransomware Threat
The FBI has recently issued a critical advisory in response to a sharp increase in ransomware attacks affecting 210 organizations across multiple sectors. The advisory identifies the RansomHub ransomware gang as the main perpetrator. The group both exfiltrates and encrypts data, then demands a ransom for the decryption key and for withholding the stolen data from publication. Major targeted sectors include IT, healthcare, finance, government, transportation, and emergency services, with UnitedHealth Group and Halliburton among the notable victims.
RansomHub, formerly known as Cyclops and then Knight, has been active since February 2024. Its double-extortion model raises the stakes for victims: an organization that restores from backups and refuses to pay still risks having its stolen data leaked publicly. The FBI advises against paying ransoms, noting that payment neither guarantees recovery of the data nor prevents a leak, and that it funds and encourages further attacks.
The Joint Ransomware Task Force, co-chaired by the #FBI and @CISAgov, is an interagency effort to combat the growing threat of ransomware attacks, launched in response to a series of high-profile attacks on US critical infrastructure. Learn more here: https://t.co/WZQPFjTWvM
— FBI (@FBI) August 20, 2024
Nation-State Threats
Furthermore, the FBI has alerted organizations to the continued threat posed by Iran-based cyber actors tracked under the names Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm. These actors, linked to the Government of Iran and an Iranian IT company, have enabled ransomware attacks on U.S. entities since 2017. They typically gain initial access by exploiting known vulnerabilities in internet-facing products such as VPN and firewall appliances. Once inside, they create new accounts, disable security software, and escalate privileges to extend their control over the network, then hand that access to ransomware affiliates.
“The FBI assesses a significant percentage of these threat actors’ operations against US organizations are intended to obtain and develop network access to then collaborate with ransomware affiliate actors to deploy ransomware,” the agencies said.
Organizations are urged to patch the vulnerabilities listed in the advisory and to adopt robust cybersecurity measures. It is essential to educate employees on phishing attempts, apply software updates promptly, and implement phishing-resistant multi-factor authentication. The FBI also emphasizes the importance of maintaining offline, tested backups and developing a comprehensive incident response plan.
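The post-access behaviour described above (new account, elevation to the local Administrators group, security tooling disabled) leaves a recognisable trail in Windows event logs. The following detector is an added example written for this page, not code from the FBI or CISA advisory. The event IDs are the standard Windows Security and Defender IDs; the hostnames, account names, and log lines are constructed for illustration.

```python
"""Correlate Windows events matching the access-broker chain:
account created -> added to Administrators -> security software disabled.
Example code added to this page; the sample log lines are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows event IDs (real); which ones to watch is this example's choice.
ACCOUNT_CREATED = 4720        # Security: a user account was created
ADDED_TO_LOCAL_GROUP = 4732   # Security: member added to a security-enabled local group
PROCESS_CREATED = 4688        # Security: a new process was created (needs cmdline auditing)
DEFENDER_RTP_DISABLED = 5001  # Windows Defender/Operational: real-time protection disabled

# Command-line fragments that commonly appear when an intruder adds accounts or
# turns off defences; matched case-insensitively against 4688 command lines.
SUSPICIOUS_CMDS = (
    "net user",
    "net localgroup administrators",
    "set-mppreference -disablerealtimemonitoring",
    "sc stop",
)
WINDOW = timedelta(hours=2)  # how long after account creation we keep correlating

# Constructed sample log (JSON lines); hosts and users are invented.
SAMPLE_LOG = """
{"ts":"2024-08-20T02:14:05","host":"FW-EDGE01","event_id":4720,"subject":"svc_vpn","target":"support1"}
{"ts":"2024-08-20T02:15:40","host":"FW-EDGE01","event_id":4732,"subject":"svc_vpn","group":"Administrators","member":"support1"}
{"ts":"2024-08-20T02:17:02","host":"FW-EDGE01","event_id":4688,"subject":"support1","cmdline":"powershell Set-MpPreference -DisableRealtimeMonitoring $true"}
{"ts":"2024-08-20T02:17:03","host":"FW-EDGE01","event_id":5001,"subject":"support1"}
{"ts":"2024-08-19T09:00:00","host":"HR-WS12","event_id":4720,"subject":"helpdesk","target":"jsmith"}
{"ts":"2024-08-19T09:01:00","host":"HR-WS12","event_id":4732,"subject":"helpdesk","group":"Remote Desktop Users","member":"jsmith"}
"""


def parse_events(lines):
    """Parse JSON-lines events, convert timestamps, and return them sorted by time."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=WINDOW):
    """Return one alert per (host, new account) where creation is followed within
    `window` by at least one escalation or defence-evasion stage. A new account
    on its own is routine helpdesk activity and is deliberately not alerted."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if ev["event_id"] != ACCOUNT_CREATED:
                continue
            account = ev["target"]
            stages = ["account_created"]
            for later in evs[i + 1:]:
                if later["ts"] - ev["ts"] > window:
                    break  # events are sorted, so nothing further can be in the window
                eid = later["event_id"]
                if (eid == ADDED_TO_LOCAL_GROUP and later.get("member") == account
                        and later.get("group") == "Administrators"):
                    stage = "added_to_administrators"
                elif eid == DEFENDER_RTP_DISABLED:
                    stage = "defender_rtp_disabled"
                elif eid == PROCESS_CREATED and any(
                        s in later.get("cmdline", "").lower() for s in SUSPICIOUS_CMDS):
                    stage = "suspicious_command"
                else:
                    continue
                if stage not in stages:
                    stages.append(stage)
            if len(stages) >= 2:
                alerts.append({"host": host, "account": account,
                               "start": ev["ts"].isoformat(), "stages": stages})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOG.splitlines())):
        print(json.dumps(alert))
```

Run against the constructed log, the FW-EDGE01 sequence produces a single alert listing all four stages, while the HR-WS12 account creation (followed only by a Remote Desktop Users addition) stays silent. In production the same logic runs in a SIEM rule keyed on host and account, and the two-hour window is a tuning knob, not a constant the advisory specifies.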
ALPHV Blackcat ransomware affiliates continue to victimize critical infrastructure entities, particularly in the healthcare sector. See new TTPs, IOCs and mitigations in an updated joint #CybersecurityAdvisory from the #FBI, @CISAgov and @HHSgov: https://t.co/Engzmmc8nd
— FBI (@FBI) February 28, 2024
Conclusion
These advisories highlight the escalating threat landscape and underline the importance of proactive measures to defend against ransomware. The FBI, together with its cybersecurity partners, continues to identify and mitigate these threats and urges organizations to treat ransomware as a national security threat rather than a routine IT incident. Cooperation at both national and international levels is paramount to countering these adversaries and protecting critical infrastructure.
“This alert demonstrates the close ‘international cooperation’ between hackers to exploit cyber espionage campaigns for criminal profit,” said John Riggi, AHA national advisor for cybersecurity and risk.
The coordinated response from the FBI and international cybersecurity bodies represents a crucial effort to combat the ever-evolving landscape of ransomware. Vigilance, preparedness, and strategic response planning remain key to mitigating these threats and ensuring the protection of sensitive data and operations across all sectors.
Sources
- FBI: How We Can Help You
- FBI Issues Urgent Ransomware Attack Warning—Do These 3 Things Now
- CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
- Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
- FBI: Iran working with ransomware gangs for attacks in US, Azerbaijan, UAE and Israel
- Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations
- Ransomware attacks are hitting critical infrastructure more often, FBI says
- FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
- FBI warns of dual ransomware attacks, and other cybersecurity news to know this month
- North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers