Cybersecurity authorities in Australia, the U.K., and the U.S. have issued a joint warning about a rise in advanced, catastrophic ransomware attacks targeting the critical infrastructure of organisations globally.
The attacks have hit sectors including defence, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services.
“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” the agencies said in the joint bulletin.
The top three initial infection vectors used to plant ransomware on targeted networks were spear-phishing, stolen or brute-forced Remote Desktop Protocol (RDP) credentials, and exploitation of software vulnerabilities. The illegal ransomware business model has turned into a “professional” market in which no single group is predominant. Different groups have been competing to gain initial access, negotiate payments, and settle payment disputes.
After last year’s attacks on Colonial Pipeline, JBS, and Kaseya drew media attention, attackers shifted their focus away from “big-game” hunting and toward mid-sized firms. They did this to slip under the radar of law enforcement.
“After encrypting victim networks, ransomware threat actors increasingly used ‘triple extortion’ by threatening to (1) publicly release stolen sensitive information, (2) disrupt the victim’s internet access, and/or (3) inform the victim’s partners, shareholders, or suppliers about the incident,” the agencies said.
Attackers are also adopting strategies to maximise their impact: striking cloud infrastructures to exploit known weaknesses, breaching managed service providers (MSPs) to access multiple victims through one initial compromise, deploying code designed to sabotage industrial processes, poisoning the software supply chain, and conducting attacks during holidays and weekends.
“Criminal activity is motivated by financial gain, so paying a ransom may embolden adversaries to target additional organizations or encourage cybercriminals to engage in the distribution of ransomware,” the agencies cautioned. “Paying the ransom also does not guarantee that a victim’s files will be recovered. Additionally, reducing the financial gain of ransomware threat actors will help disrupt the ransomware criminal business model.”