New Ransomware Trend – Threat Actors Plant Two Ransomware

The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences.

In July 2023, the FBI observed two ransomware trends, and here we have mentioned them:-

• Multiple attacks on the same victim in quick succession.
• New data destruction tactics. 

Threat actors have attacked the targeted companies with two unique ransomware variants from the list of ransomware types below:-

Various combinations of variants were used that cause:- 

• Data encryption
• Data exfiltration
• Financial losses

Repeated ransomware attacks on compromised systems pose significant harm to victims. The ransomware groups escalated the use of custom data theft and wiper tools to pressure victims in early 2022. 

In 2022, hackers upgraded data theft tools to evade detection, while dormant malware struck at scheduled intervals to corrupt the data.

Identity & Access Management

Here below, we have mentioned all the key things that are required for identity and access management:-

• Mandate NIST password standards for all login accounts, including service, admin, and domain admin.
• Enforce phishing-resistant 2FA for all services, especially webmail, VPNs, and critical system access.
• Check for unfamiliar accounts in domain controllers, servers, workstations, and active directories.
• Review admin accounts, and make sure to apply minimal access.
• Always set time-based admin access.

FBI urges reporting suspicious/criminal activity to the local field office or ic3[.]gov. Include details like:-

• Date
• Time
• Location
• Activity type
• Equipment
• Company name
• Contact

The U.S. Joint Ransomware Task Force (JRTF), led by CISA and FBI, combats rising ransomware threats sparked by major attacks on critical U.S. infrastructure.

Mitigations

Here below, we have mentioned all the mitigations:-

• Maintain offline backups of data.
• Ensure all backup data is encrypted and immutable.
• Properly evaluate third-party vendor security links.
• Enforce approved program execution policies for apps and remote access.
• Track external remote connections, document approved solutions, and address unapproved installs.
• Implement a recovery plan.
• Segment networks.
• Use network monitoring to spot and investigate ransomware signs.
• Deploy, update, and activate real-time antivirus solutions on all hosts.
• Secure and closely monitor RDP use.
• Keep all operating systems, software, and firmware up to date.
• Disable unused ports.
• Consider adding an email banner to emails.
• Disable hyperlinks.
• Disable command-line and scripting activities and permissions.
• Ensure devices are properly configured.
• Make sure that all the security features are enabled.
• Ensure disabling all the unused ports and protocols.
• Limit SMB Protocol to essential servers, and disable old versions to prevent malware spread.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.