The Pulse

The official blog of Sentinel Technologies

International Agencies Release Joint Cybersecurity Advisory for Global Ransomware Threats

Thu February 10, 2022

The FBI, CISA, ACSC, and NCSC-UK have released a joint cybersecurity advisory that addresses the continually increasing globalized threat of ransomware. They report that over 87% of the critical infrastructure sectors in the United States have been targeted by these attacks. Targeted sectors include Emergency Services, Food and Agriculture, Government, and IT sectors among others. Over the course of 2021 and into 2022, these attacks have continued to evolve, and the advisory mentions some notable trends in recent incidents.

After incidents categorized as "big game hunting" drew heavy government scrutiny and major penalties, ransomware groups have shifted tactics somewhat, targeting smaller victims in an effort to evade high-profile federal investigations. The threat actors have also employed double and triple extortion: in addition to encrypting the victims' networks, they threaten to publish stolen data online, disrupt network availability, and/or disclose the incident to key stakeholders. These tactics are used to increase the chances that the victim will pay the ransom.

The primary initial access vectors that continue to be observed are phishing, exploitation of Remote Desktop Protocol (RDP) through weak configurations or stolen credentials, and exploitation of unpatched vulnerabilities. The advisory states that these remained the top three initial infection vectors in 2021.

The impact of these attacks has increased through the adversaries' targeting of cloud infrastructure, the software supply chain, managed service providers, industrial processes, and strategic timing such as initiating attacks on holidays or weekends. 

Recommended mitigations to reduce the risk of a successful attack include patching diligence, password requirements and implementation of multifactor authentication (MFA), user security and awareness training, secured and monitored RDP use, and adequately securing and monitoring Linux and cloud environments. Further mitigations to limit the ability of adversaries to perform lateral movement and network enumeration include network segmentation, end-to-end encryption, least privilege and time-based access for privileged users, use of network monitoring and documentation of external remote connections, disabling and constraining unused scripting and command line utilities, and maintaining encrypted offline backups.
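The advisory's "secured and monitored RDP use" recommendation is easier to act on with a concrete detection in hand. The following Python script is an added example, not code from the advisory or from Sentinel/Fortis: it runs a sliding-window brute-force detector over Windows Security logon events (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP) and also flags the case a responder most wants to see, a successful RDP logon from a source that was still inside a burst of failures. The JSON field names and the sample events are constructed assumptions; a real deployment would map them from whatever the SIEM or event forwarder emits.

```python
"""Sliding-window detector for RDP password guessing in Windows Security events.

Added example (not from the advisory). Event IDs and logon types are the
standard Windows values; the JSON layout and the sample data are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line (not real log data).
# 4625 = failed logon, 4624 = successful logon, logon_type 10 = RDP.
SAMPLE_LOG = """
{"time": "2022-02-10T01:00:05", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T01:00:09", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T01:00:14", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T01:00:20", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T01:00:27", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T01:00:41", "event_id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.7"}
{"time": "2022-02-10T08:15:00", "event_id": 4625, "logon_type": 10, "user": "mlee", "src_ip": "10.0.0.25"}
{"time": "2022-02-10T08:15:30", "event_id": 4624, "logon_type": 10, "user": "mlee", "src_ip": "10.0.0.25"}
{"time": "2022-02-10T09:00:00", "event_id": 4625, "logon_type": 3, "user": "svc", "src_ip": "10.0.0.40"}
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_events(text):
    """Parse JSON-lines events into dicts with a datetime 'time', oldest first."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    events.sort(key=lambda e: e["time"])
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: alert} for sources with >= threshold RDP failures in window.

    Each alert records the failure count, the account names tried, and the
    user name of any successful RDP logon that occurred while the source was
    still inside its burst of failures (None if no such logon was seen).
    """
    failures = defaultdict(deque)   # src_ip -> timestamps of failures in window
    accounts = defaultdict(set)     # src_ip -> account names tried
    alerts = {}
    for ev in events:
        if ev.get("logon_type") != RDP_LOGON_TYPE:
            continue                # only RDP sessions are in scope here
        ip = ev["src_ip"]
        recent = failures[ip]
        while recent and ev["time"] - recent[0] > window:
            recent.popleft()        # expire failures older than the window
        if ev["event_id"] == FAILED_LOGON:
            recent.append(ev["time"])
            accounts[ip].add(ev["user"])
            if len(recent) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "accounts": set(), "success_after_burst": None})
                alert["failures"] = len(recent)
                alert["accounts"] = set(accounts[ip])
        elif ev["event_id"] == SUCCESSFUL_LOGON and ip in alerts and recent:
            # Success while failures are still in the window: the credential
            # was likely guessed or was already stolen. Highest-priority case.
            alerts[ip]["success_after_burst"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, alert)
```

The threshold and window are deliberately parameters: a five-minute window with five failures is a reasonable starting point for an Internet-exposed host, while an internal jump host may warrant a lower threshold. Anything that trips the "success after burst" condition should be treated as a likely compromised account rather than a noisy source, which is exactly the RDP-with-stolen-credentials scenario the advisory names as a top initial access vector.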

As the number of cyberattacks continues to increase at an exponential level, the Fortis team remains vigilant in our mission to stop breaches before they occur. We are fighting for you with 24x7x365 monitoring of your environment through our Security Operations Center (SOC), Incident Response, and Threat Intelligence teams to help lower the time to detect and respond to active threats. Our Incident Response team is always ready to engage at (844) 297-4853. Please contact us if you would like to learn more about how Fortis can help protect your organization from all types of cyber threats.

For more detailed information on the technical details of this advisory and recommended mitigations relating to the rising trend of ransomware, as well as external references, please view the joint cybersecurity advisory in its entirety at the government IC3 website.