Feb 14, 2022
0 0

Increase in sophisticated, high-impact ransomware poses rising threat, warn government agencies

Written by

Skip to content ↓ | Skip to navigation ↓
Home » News » Government agencies warn of sophisticated, high-impact ransomware
A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and organisations.
Reacting to ransomware attacks against a broad range of industry sectors – including defence, financial services, IT, healthcare, education, energy, charities, and local government, the agencies warn that ransomware tactics and techniques have “continued to evolve in 2021.”
In the joint bulletin, the agencies claim that ransomware threat actors’ are demonstrating a “growing technological sophistication” which poses an “increased ransomware threat to organisations globally.”
According to the cybersecurity authorities in the United States, UK, and Australia, the top three initial infection vectors for ransomware incidents during 2021 were:
Once an attacker has gained the ability to enter a network or to execute code on a device ransomware will often be deployed. Unfortunately, it’s likely that these infection vectors will remain popular because of the increased level of remote working, which has expanded the remote attack surface and – in the words of the report – “left network defenders struggling to keep pace with routine software patching.”
In addition, the ransomware business became increasingly professional in 2021, with the increased use of Ransomware-as-a-Service (RaaS) operations, some of which are even offering 24/7 helpdesk support to victims in an attempt to expedite ransom payments.
And, as is well documented, businesses have been encouraged to open their purses by attackers threatening to leak stolen sensitive data if demands are not met.
The view of CISA, NCSC and the Australian Cyber Security Center is that as the ransomware business model continues to yield large financial returns, attacks will become more frequent. At the same time, the use of the RaaS model has made it more difficult to identify conclusively the cybercriminals behind a particular attack as there may be a complex web of developers, freelancers, and affiliates at work.
Interestingly, authorities in the United States and Australia say that they have seen a shift away from ransomware gangs targeting larger organisations such as Colonial Pipeline and JBS Foods in favour of mid-sized victims instead. This may be the result of action taken by the US authorities in mid-2021 to disrupt the activities of ransomware operators involved in the high-profile attacks.
Despite some law enforcement successes, the overall picture painted by the advisory is a gloomy one, with ransomware groups increasing their impact during 2021 by:
For more information, and for advice on how to mitigate against ransomware threats, be sure to read the Joint Cybersecurity Advisory issued by CISA, NCSC, and the Australian Cyber Security Center.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Categories ,
Tags , , , ,
Graham Cluley has contributed 320 posts to The State of Security.
View all posts by Graham Cluley
International Offices


Article Categories:
Cybersecurity News

Comments are closed.