Official Alerts & Statements - FBI

Official FBI updates to help stakeholders guard against the ever-evolving ransomware threat environment. These advisories, FBI Flashes, FBI Private Industry Notifications (PINs) and joint statements are designed to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors.

  • Joint Cybersecurity Advisory: Ransomware Awareness for Holidays and Weekends
    • Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months of this year. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.
  • Joint Cybersecurity Advisory: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks 
    • CISA and FBI are aware of a ransomware attack affecting a critical infrastructure (CI) entity, a pipeline company, in the United States. Malicious cyber actors deployed DarkSide ransomware, a ransomware-as-a-service (RaaS) variant, against the pipeline company's information technology (IT) network. This joint advisory provides technical details on the DarkSide actors, some of their known tactics and preferred targets, and recommended best practices for preventing business disruption from ransomware attacks.
    • Current Activity: Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware 
      • On May 19, a downloadable STIX file of indicators of compromise (IOCs) was added to the advisory to help network defenders find and mitigate activity associated with DarkSide ransomware. 
  • FBI Flash (CP-000147-MW): Conti Ransomware Attacks Impact Healthcare and First Responder Networks
    • The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. 
  • FBI Flash (CU-000143-MW): Mamba Ransomware Weaponizing DiskCryptor
    • FBI and CISA coordinated product on Mamba Ransomware provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors.
  • Joint Alert (AA21-076A): TrickBot Malware
    • CISA and FBI have observed continued sophisticated spearphishing campaigns using TrickBot malware in North America. Cybercrime actors are luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot, a Trojan first identified in 2016. Attackers can use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or serve as an Emotet downloader. 
  • FBI Flash (CP-000142-MW): Increase in PYSA Ransomware Targeting Education Institutions
    • Joint FBI and CISA coordinated product on PYSA Ransomware provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors.
  • FBI Private Industry Notification (PIN#: 20210106-001): Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data
    • Joint FBI and CISA coordinated product on Egregor Ransomware provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors.
  • FBI Public Service Announcement (I-121520-PSA): Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data
    • Joint FBI and CISA Public Service Announcement (PSA) raising awareness for parents and caregivers of school-age children about potential disruptions to schools and compromises of private information, as cyber actors exploit remote learning vulnerabilities. 
  • Joint Alert (AA20-302A): Ransomware Activity Targeting the Healthcare and Public Health Sector
    • Joint cybersecurity advisory from CISA, the FBI, and the Department of Health and Human Services (HHS), describing the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain.
  • Joint Alert (AA20-106A): Guidance on the North Korean Cyber Threat
    • This advisory from the U.S. Departments of State, the Treasury, and Homeland Security, and the FBI is a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public, and it provides recommended steps to mitigate the threat. 
  • Joint Alert (AA18-337A): SamSam Ransomware
    • DHS and the FBI issued this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A.