The National Cyber Investigative Joint Task Force (NCIJTF) has published a ransomware fact sheet to increase awareness of the threat of ransomware attacks and provide more information that can be used to address and prevent them.
The fact sheet was created by an interagency group of over fifteen government bodies and is primarily intended for use by police and fire departments, state, local, tribal and territorial governments, and critical infrastructure companies and organizations. It was made available as part of the “Reduce the Risk of Ransomware Campaign” being conducted by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) that was launched in January 2021.
The fact sheet outlines the effect ransomware attacks have had on the public sector, provides data on U.S. government attempts to combat ransomware threats, and details the tactics most often employed to obtain access to networks and deploy ransomware payloads: phishing emails, Remote Desktop Protocol (RDP) vulnerabilities, and software flaws.
Phishing emails include either a malicious link or file attachment. If the user clicks on the attachment or the link, code is executed which installs a malicious payload. That payload may be ransomware or another strain of malware which will ultimately be used to deliver ransomware. A recent report released by Coveware has revealed phishing emails are now the most common method of ransomware delivery, overtaking the exploitation of RDP flaws.
RDP is still a common method of deploying ransomware. RDP allows remote workers to access resources and data via the Internet. Brute force tactics are often used to guess poor passwords, and stolen credentials are obtained through darknet marketplaces; either route allows the hackers to remotely access systems and deploy malware or ransomware. While rarer, vulnerabilities in software are also exploited to obtain control of victim systems and deploy ransomware.
Many ransomware campaigns use sophisticated tactics to gain access to networks, but even these attacks can usually be prevented by following cybersecurity best practices.
NCIJTF advises taking the following measures:
- Back up data, test backups, and store a copy offline.
- Configure multifactor authentication.
- Update software and patch all systems as soon as updates are released.
- Make sure security solutions such as antivirus software are kept up to date.
- Implement and test an incident response plan.
The ransomware fact sheet can be downloaded via this website.
Additional information on stopping and addressing ransomware attacks can be found here (CISA).