Newsroom

 

  • CISA AND PARTNERS UPDATE THE #STOPRANSOMWARE GUIDE, DEVELOPED THROUGH THE JOINT RANSOMWARE TASK FORCE 

    • CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.

  • JOINT CYBERSECURITY ADVISORY: BIANLIAN RANSOMWARE   

    The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) released joint CSA on BianLian ransomware. FBI observed BianLian group targeting organizations in multiple U.S. critical infrastructure sectors since June 2022. 

  • JOINT CYBERSECURITY ADVISORY:  CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability

    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint CSA – “Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.” 

  • JOINT CYBERSECURITY ADVISORY: LockBit 3.0 RANSOMWARE  

    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint CSA on LockBit 3.0 ransomware. LockBit affiliates have attacked a wide range of businesses and critical infrastructure organizations.

  • CISA ESTABLISHES RANSOMWARE VULNERABILITY WARNING PILOT 

    • Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP).

  • JOINT CYBERSECURITY ADVISORY: ROYAL RANSOMWARE  
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint CSA on Royal ransomware used by threat actors to target numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
  • JOINT CYBERSECURITY ADVISORY: RANSOMWARE ATTACKS ON CRITICAL INFRASTRUCTURE FUND DPRK MALICIOUS CYBER ACTIVITIES
    • The National Security Agency, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Health and Human Services, and Republic of Korea’s National Intelligence Service and Defense Security Agency released joint CSA on Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities.
  • JOINT CYBERSECURITY ADVISORY: ESXIARGS RANSOMWARE VIRTUAL MACHINE RECOVERY GUIDANCE
    • The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released advisory with guidance on how to use an ESXiArgs recovery script. Organizations that have fallen victim to ESXiARgs ransomware can use the script to attempt to recover their files. Other recommended mitigations are provided that all organizations should consider implementing.
  • PHISHING SUSCEPTABILITY INFOGRAPHIC 
    • The Cybersecurity and Infrastructure Security Agency (CISA) released a Phishing Infographic to help protect both organizations and individuals from successful phishing operations, as well as a visual summary of how threat actors execute successful phishing operations.
  • JOINT CYBERSECURITY ADVISORY: CUBA RANSOMWARE  
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint CSA on Cuba ransomware to target a wide range of businesses and critical infrastructure sector organizations, including those in Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.
  • JOINT CYBERSECURITY ADVISORY: HIVE RANSOMWARE
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released joint CSA on Hive ransomware to target a wide range of businesses and critical infrastructure sector organizations, including those in the Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH) Sectors.
  • JOINT CYBERSECURITY ADVISORY: DAIXIN TEAM LEVERAGES RANSOMWARE TO TARGET THE HEALTHCARE AND PUBLIC HEALTH SECTOR
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released joint CSA on Daixin actors targeting healthcare and public health sector with ransomware since at least June 2022.
  • IRANIAN STATE ACTORS CONDUCT CYBER OPERATIONS AGAINST THE GOVERNMENT OF ALBANIA 
    • This joint Cybersecurity Advisory details Iranian State Actors Conduct Cyber Operations Against the Government of Albania. CISA and the Federal Bureau of Investigation urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.
  • IRANIAN ISLAMIC REVOLUTIONARY GUARD CORPS-AFFILIATED CYBER ACTORS EXPLOIT VULNERABILITIES FOR RANSOM OPERATIONS
    • This joint Cybersecurity Advisory details Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and disk encryption for ransom operations. CISA, the Federal Bureau of Investigation, National Security Agency, U.S. Cyber Command - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre, Canadian Centre for Cyber Security, and United Kingdom’s National Cyber Security Centre urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.
  • JOINT ADVISORY DETAILS VICE SOCIETY RANSOMWARE ATTACK TECHNIQUES, OFFERS MITIGATION
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory on Vice Society actors disproportionately targeting the education sector with ransomware attacks as recently as September 2022.
  • JOINT CYBERSECURITY ADVISORY: ZEPPELIN RANSOMWARE  
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware which has been identified through FBI investigations as recently as April 2022.
  • CISA AND ACSC RELEASE TOP 2021 MALWARE STRAINS
    • The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) published a Cybersecurity Advisory (CSA) that provides details on the 2021 top malware strains used by malicious cyber actors to covertly compromise and then gain unauthorized access to a computer or mobile device. The top malware strains in 2021 include remote access Trojans (RATs), banking Trojans, information stealers, and ransomware. Read the advisory to learn how to detect and protect against these and other cyber threats.
  • NORTH KOREAN STATE-SPONSORED CYBER ACTORS USE MAUI RANSOMWARE TO TARGET THE HEALTHCARE AND PUBLIC HEALTH SECTOR
    • This joint Cybersecurity Advisory (CSA) from CISA, FBI, and the U.S. Department of Treasury provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. Learn about the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) of this threat.
  • JOINT ADVISORY DETAILS MEDUSALOCKER RANSOMWARE CYBER THREAT
    • Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat.
  • CISA AND FBI URGE ORGANIZATIONS TO REMAIN VIGILANT TO RANSOMWARE THREATS ON HOLIDAYS, INCLUDING THIS LABOR DAY
    • Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months this year. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.
  • COORDINATED ACTION CUTS OFF ACCESS TO VPN SERVICE USED BY RANSOMWARE GROUPS
    • Law enforcement and judicial authorities in Europe, the U.S., and Canada seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. 
  • STATEMENT FROM CISA ACTING DIRECTOR WALES ON EXECUTIVE ORDER TO IMPROVE THE NATION’S CYBERSECURITY AND PROTECT FEDERAL NETWORKS
    • After President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks, Brandon Wales, Acting Director if the Cybersecurity and Infrastructure Security Agency (CISA) released a statement about the importance of this step forward after the recent ransomware attacks on the Colonial Pipeline.
  • CISA AND CYBER.ORG PARTNER TO DELIVER CYBER SAFETY VIDEO SERIES
    • The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. The video series currently includes five videos that provide easy to understand cybersecurity concepts which include tips to avoid becoming a victim of a ransomware attack.
  • CISA LAUNCHES CAMPAIGN TO REDUCE THE RISK OF RANSOMWARE
    • The Cybersecurity and Infrastructure Security Agency (CISA) announces the Reduce the Risk of Ransomware Campaign, a focused, coordinated, and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
  • CISA AND MS-ISAC RELEASE JOINT RANSOMWARE GUIDE
    • The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident.
  • ROMANIAN WOMAN PLEADS GUILTY TO FEDERAL CHARGES IN HACKING OF METROPOLITAN POLICE DEPARTMENT SURVEILLANCE CAMERAS
    • A Romanian woman pleaded guilty to federal charges stemming from her role in a conspiracy to illegally access approximately 126 computers associated with Metropolitan Police Department (MPD) surveillance cameras, and to use those computers in connection with a scheme to distribute ransomware in January 2017.
  • ATLANTA U.S. ATTORNEY CHARGES IRANIAN NATIONALS FOR CITY OF ATLANTA RANSOMWARE ATTACK
    • Iraninian nationals were charged with committing a sophisticated ransomware attack on the City of Atlanta in violation of the Computer Fraud and Abuse Act.
  • RUSSIAN NATIONAL AND BITCOIN EXCHANGE CHARGED IN 21-COUNT INDICTMENT FOR OPERATING ALLEGED INTERNATIONAL MONEY LAUNDERING SCHEME AND ALLEGEDLY LAUNDERING FUNDS FROM HACK OF MT. GOX
    • A Russian national and organization BTC-e were indicted by a grand jury in Northern California for operating an unlicensed money service business, money laundering and related crimes. BTC-e was noted for its role in numerous ransomware and other cyber criminal activity, according to Special Agent in Charge of the USSS Criminal Investigative Division Michael D’Ambrosio.
  • TWO ROMANIAN SUSPECTS CHARGED WITH HACKING OF METROPOLITAN POLICE DEPARTMENT SURVEILLANCE CAMERAS IN CONNECTION WITH RANSOMWARE SCHEME
    • A criminal complaint and arrest warrants were unsealed charging two Romanian nationals with a conspiracy to illegally access approximately 123 computers associated with Metropolitan Police Department (MPD) surveillance cameras and to use those computers in connection with a scheme to distribute ransomware in January 2017.