Newsroom

JOINT CYBERSECURITY ADVISORY: LockBit 3.0 RANSOMWARE  

• The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint CSA on LockBit 3.0 ransomware. LockBit affiliates have attacked a wide range of businesses and critical infrastructure organizations.

CISA ESTABLISHES RANSOMWARE VULNERABILITY WARNING PILOT 

• Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP).

• The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint CSA on Royal ransomware used by threat actors to target numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.

• The National Security Agency, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Health and Human Services, and Republic of Korea’s National Intelligence Service and Defense Security Agency released joint CSA on Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities.

• The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released advisory with guidance on how to use an ESXiArgs recovery script. Organizations that have fallen victim to ESXiARgs ransomware can use the script to attempt to recover their files. Other recommended mitigations are provided that all organizations should consider implementing.

• The Cybersecurity and Infrastructure Security Agency (CISA) released a Phishing Infographic to help protect both organizations and individuals from successful phishing operations, as well as a visual summary of how threat actors execute successful phishing operations.

• The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint CSA on Cuba ransomware to target a wide range of businesses and critical infrastructure sector organizations, including those in Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.

• The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released joint CSA on Hive ransomware to target a wide range of businesses and critical infrastructure sector organizations, including those in the Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH) Sectors.

• The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released joint CSA on Daixin actors targeting healthcare and public health sector with ransomware since at least June 2022.

• This joint Cybersecurity Advisory details Iranian State Actors Conduct Cyber Operations Against the Government of Albania. CISA and the Federal Bureau of Investigation urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.

• This joint Cybersecurity Advisory details Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and disk encryption for ransom operations. CISA, the Federal Bureau of Investigation, National Security Agency, U.S. Cyber Command - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre, Canadian Centre for Cyber Security, and United Kingdom’s National Cyber Security Centre urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.

• The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory on Vice Society actors disproportionately targeting the education sector with ransomware attacks as recently as September 2022.

• The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware which has been identified through FBI investigations as recently as April 2022.

• The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) published a Cybersecurity Advisory (CSA) that provides details on the 2021 top malware strains used by malicious cyber actors to covertly compromise and then gain unauthorized access to a computer or mobile device. The top malware strains in 2021 include remote access Trojans (RATs), banking Trojans, information stealers, and ransomware. Read the advisory to learn how to detect and protect against these and other cyber threats.

• This joint Cybersecurity Advisory (CSA) from CISA, FBI, and the U.S. Department of Treasury provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. Learn about the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) of this threat.

• Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat.

• Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months this year. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.

• Law enforcement and judicial authorities in Europe, the U.S., and Canada seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. 

• After President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks, Brandon Wales, Acting Director if the Cybersecurity and Infrastructure Security Agency (CISA) released a statement about the importance of this step forward after the recent ransomware attacks on the Colonial Pipeline.

• The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. The video series currently includes five videos that provide easy to understand cybersecurity concepts which include tips to avoid becoming a victim of a ransomware attack.

• The Cybersecurity and Infrastructure Security Agency (CISA) announces the Reduce the Risk of Ransomware Campaign, a focused, coordinated, and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

• The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident.

• A Romanian woman pleaded guilty to federal charges stemming from her role in a conspiracy to illegally access approximately 126 computers associated with Metropolitan Police Department (MPD) surveillance cameras, and to use those computers in connection with a scheme to distribute ransomware in January 2017.

• Iraninian nationals were charged with committing a sophisticated ransomware attack on the City of Atlanta in violation of the Computer Fraud and Abuse Act.

• A Russian national and organization BTC-e were indicted by a grand jury in Northern California for operating an unlicensed money service business, money laundering and related crimes. BTC-e was noted for its role in numerous ransomware and other cyber criminal activity, according to Special Agent in Charge of the USSS Criminal Investigative Division Michael D’Ambrosio.

• A criminal complaint and arrest warrants were unsealed charging two Romanian nationals with a conspiracy to illegally access approximately 123 computers associated with Metropolitan Police Department (MPD) surveillance cameras and to use those computers in connection with a scheme to distribute ransomware in January 2017.