#StopRansomware

The following #StopRansomware joint Cybersecurity Advisories are part of an ongoing effort to publish technical information on ransomware variants and ransomware threat actors for network defenders. 

  • JOINT CYBERSECURITY ADVISORY: VICE SOCIETY
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory detailing indicators of compromise and tactics, techniques, and procedures associated with Vice Society actors disproportionately targeting the education sector with ransomware attacks. Observed as recently as September 2022, Vice Society isbelieved to be a Russian-based intrusion, exfiltration, and extortion hacking group. The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year is underway for most of the United States. (September 6, 2022)
  • JOINT CYBERSECURITY ADVISORY: ZEPPELIN RANSOMWARE
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware which has been identified through FBI investigations as recently as April 2022. The CSA the known tactics, techniques, and procedures (TTPs), threat details, and indicators of compromise (IOC). All organizations are encouraged to review the IOCs and implement actions and mitigations to manage this potential cyber risk. (August 11, 2022) 
  • JOINT ADVISORY DETAILS MEDUSALOCKER RANSOMWARE CYBER THREAT 
    • Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat. (June 30, 2022)