Cybersecurity authorities from Australia, the U.K., and the U.S. have warned of an increase in high-impact, sophisticated ransomware attacks targeting critical infrastructure organizations around the world in 2021.
A broad range of sectors is affected, including healthcare, defense, emergency services, government facilities, legal institutions, and education.
The agencies stated that ransomware techniques evolved over 2021, demonstrating the growing technical sophistication of ransomware threat actors, and that the ransomware threat to organizations has increased globally.
The top three initial infection vectors used to gain access to victim networks were spear-phishing, stolen or brute-forced Remote Desktop Protocol (RDP) credentials, and exploitation of software vulnerabilities.
In the wake of the highly publicized attacks on JBS, Kaseya, and Colonial Pipeline last year, ransomware actors have pivoted away from “big-game” hunting in the U.S. and have instead turned their focus to mid-sized victims.
Syhunt published this week that ransomware groups stole over 150TB of data from victim organizations between January 2019 and January 2022. Over 44.1TB of the total stolen data, taken from 282 victims, is attributed to REvil.
Common tactics that ransomware groups use to maximize impact include:
- Breaching managed service providers to access multiple victims through one initial compromise
- Striking cloud infrastructure to exploit known weaknesses
- Poisoning the software supply chain
- Deploying code designed to sabotage industrial processes
- Conducting attacks during holidays and weekends
To reduce the likelihood and impact of ransomware attacks, organizations are advised to do the following:
- Limit access to resources over internal networks
- Keep all operating systems and software up to date
- Encrypt data in the cloud
- Implement network segmentation
- Raise awareness about the risk of phishing
- Enforce time-based access for privileged accounts
- Disable unnecessary command-line utilities, and restrict scripting activities and permissions
- Maintain offline backups of data