Excerpts from an FBI March 30, 2022 bulletin:
"Recent reporting indicates ransomware incidents against local governments resulted in
disruptions to public and health services, emergency and safety operations, and the
compromise of personal data. These types of attacks can have significant repercussions for local
communities by straining financial and operational resources and putting residents at risk for
further exploitation."
Ransomware tactics have evolved and will continue to evolve, as noted in the February 2022 Joint
Cybersecurity Advisory (CSA) by government agencies in the United States, Australia, and the United Kingdom.
The top three initial infection vectors in 2021 were:
- Phishing emails
- Remote desktop protocol exploitation
- Software vulnerability exploitation
These were likely exacerbated by the continued remote work and learning environments, which expanded the attack surface and challenged network defenders. In 2021, actors expanded their targeting tactics and widened the scope of victimization potential by:
- implementing service-for-hire business models
- sharing victim information among actor groups
- diversifying extortion strategies
- attacking upstream/downstream accesses and data sources such as:
  - cloud infrastructure
  - managed service providers
  - software supply chain
Recommendations
- The FBI does not encourage paying ransoms.
- Payment does not guarantee files will be recovered.
- It may also embolden adversaries to:
  - target additional organizations
  - encourage other criminal actors to engage in the distribution of ransomware, and/or
  - fund illicit activities.
However, the FBI understands that when victims are faced with an inability to function, all
options are evaluated to protect shareholders, employees, and customers. Regardless of
whether your organization decides to pay the ransom, the FBI urges you to report ransomware
incidents as soon as possible to your local FBI field office (www.fbi.gov/contact-us/field-offices).
In addition to the items above, the FBI recommends GFS organizations consider the following:
- Keep all operating systems and software up to date
- Implement a user training program and phishing exercises
- Require strong, unique passwords for all accounts with password logins
- Require multi-factor authentication (MFA)
- Maintain offline (i.e., physically disconnected) backups of data, and regularly test
backup and restoration
- Ensure all backup data is encrypted
- If you use RDP or other potentially risky services, secure and monitor them closely
- Protect cloud storage by backing up to multiple locations, requiring MFA for access,
and encrypting data in the cloud
- If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp)
for defense in depth