#StopRansomware

The following #StopRansomware joint Cybersecurity Advisories are part of an ongoing effort to publish technical information on ransomware variants and ransomware threat actors for network defenders. 

  • JOINT CYBERSECURITY ADVISORY: CUBA RANSOMWARE
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA on Cuba ransomware, which targets a wide range of businesses and critical infrastructure sector organizations, including those in Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. All organizations are encouraged to review this advisory for threat details, the actors' tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect whether this activity is on your network, and actions and mitigations to implement to manage the risk.
  • JOINT CYBERSECURITY ADVISORY: HIVE RANSOMWARE 
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint CSA on Hive ransomware, which targets a wide range of businesses and critical infrastructure sector organizations, including those in the Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH) Sectors. All organizations are encouraged to review this advisory for threat details, the actors' tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect whether this activity is on your network, and actions and mitigations to implement to manage the risk.
  • JOINT CYBERSECURITY ADVISORY: DAIXIN TEAM LEVERAGES RANSOMWARE TO TARGET THE HEALTHCARE AND PUBLIC HEALTH SECTOR 
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint CSA on Daixin actors, who have been targeting the Healthcare and Public Health Sector with ransomware since at least June 2022. All organizations are encouraged to review this advisory for threat details, the actors' tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect whether this activity is on your network, and actions and mitigations to implement to manage the risk. (October 21, 2022)
  • JOINT CYBERSECURITY ADVISORY: VICE SOCIETY
    • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory detailing indicators of compromise and tactics, techniques, and procedures associated with Vice Society actors disproportionately targeting the education sector with ransomware attacks. Observed as recently as September 2022, Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion hacking group. The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year is underway for most of the United States. (September 6, 2022)
  • JOINT CYBERSECURITY ADVISORY: ZEPPELIN RANSOMWARE
    • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware, which has been identified through FBI investigations as recently as April 2022. The CSA details the known tactics, techniques, and procedures (TTPs), threat details, and indicators of compromise (IOCs). All organizations are encouraged to review the IOCs and implement actions and mitigations to manage this potential cyber risk. (August 11, 2022)
  • JOINT ADVISORY DETAILS MEDUSALOCKER RANSOMWARE CYBER THREAT 
    • Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat. (June 30, 2022)