#StopRansomware
The following #StopRansomware products are part of an ongoing effort to publish technical information on ransomware variants and ransomware threat actors; best practices; and ways to prevent, protect against, and/or respond to a ransomware attack.
- JOINT CYBERSECURITY ADVISORY: #STOPRANSOMWARE: BLACK BASTA
- The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued this advisory with technical details on Black Basta, a ransomware-as-a-service (RaaS) used by various criminal affiliates.
- JOINT CYBERSECURITY ADVISORY: PHOBOS RANSOMWARE
- The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued this advisory with technical details on Phobos ransomware that has impacted state, local, tribal, and territorial (SLTT) governments since May 2019.
- JOINT CYBERSECURITY ADVISORY: RHYSIDA RANSOMWARE
- The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) released this joint Cybersecurity Advisory (CSA) to disseminate Indicators of Compromise (IOCs) and an FBI YARA rule on Rhysida ransomware identified through FBI investigations as recently as September 2023 and provide mitigations to help organizations protect against this cyber threat.
- JOINT CYBERSECURITY ADVISORY: ROYAL RANSOMWARE (UPDATE)
- The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an updated joint CSA on Royal ransomware used by threat actors to target numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
- CISA AND PARTNERS UPDATE THE #STOPRANSOMWARE GUIDE
- CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide.
- JOINT CYBERSECURITY ADVISORY: AvosLocker Ransomware
- The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released this joint Cybersecurity Advisory (CSA) to disseminate Indicators of Compromise (IOCs) and an FBI YARA rule on AvosLocker ransomware identified through FBI investigations as recently as May 2023 and provide mitigations to help organizations protect against this cyber threat.
- JOINT CYBERSECURITY ADVISORY: SNATCH RANSOMWARE
- The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released this joint Cybersecurity Advisory (CSA) to disseminate Indicators of Compromise (IOCs) on Snatch ransomware identified through FBI investigations as recently as June 2023 and provide mitigations to help organizations protect against this cyber threat. (September 20, 2023)
- JOINT CYBERSECURITY ADVISORY: CL0P Ransomware Gang
- The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA on the CL0P Ransomware Gang, also known as TA505, which reportedly began exploiting a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. (June 7, 2023)
- CISA AND PARTNERS UPDATE THE #STOPRANSOMWARE GUIDE, DEVELOPED THROUGH THE JOINT RANSOMWARE TASK FORCE
- CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. (May 23, 2023)
- JOINT CYBERSECURITY ADVISORY: BIANLIAN RANSOMWARE
- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) released a joint CSA on BianLian ransomware. The FBI has observed the BianLian group targeting organizations in multiple U.S. critical infrastructure sectors since June 2022. (May 16, 2023)
- JOINT CYBERSECURITY ADVISORY: ROYAL RANSOMWARE
- The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA on Royal ransomware used by threat actors. Attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education. All organizations are encouraged to review this advisory for threat details, actor’s tactics, techniques, and procedures (TTPs), and indicators of compromise that can be used to detect if this activity is on your network, along with recommended actions and mitigations to manage the risk. (March 2, 2023)
- JOINT CYBERSECURITY ADVISORY: RANSOMWARE ATTACKS ON CRITICAL INFRASTRUCTURE FUND DPRK ESPIONAGE ACTIVITIES
- The National Security Agency, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Health and Human Services, and Republic of Korea’s National Intelligence Service and Defense Security Agency released a joint CSA on North Korean ransomware attacks to fund espionage activities. To reduce the risk from this nation-state sponsored threat, all organizations, especially health and healthcare entities, are encouraged to review the actor’s tactics, techniques, and procedures (TTPs) and indicators of compromise, and to implement recommended actions and mitigations. (February 9, 2023)
- JOINT CYBERSECURITY ADVISORY: CUBA RANSOMWARE
- The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA on Cuba ransomware, used to target a wide range of businesses and critical infrastructure sector organizations, including those in Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. All organizations are encouraged to review this advisory for threat details, actor’s tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect if this activity is on your network, and actions and mitigations to implement to manage the risk. (January 25, 2023)
- JOINT CYBERSECURITY ADVISORY: HIVE RANSOMWARE
- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint CSA on Hive ransomware, used to target a wide range of businesses and critical infrastructure sector organizations, including those in the Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH) Sectors. All organizations are encouraged to review this advisory for threat details, actor’s tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect if this activity is on your network, and actions and mitigations to implement to manage the risk. (November 25, 2022)
- JOINT CYBERSECURITY ADVISORY: DAIXIN TEAM LEVERAGES RANSOMWARE TO TARGET THE HEALTHCARE AND PUBLIC HEALTH SECTOR
- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint CSA on Daixin actors targeting the healthcare and public health sector with ransomware since at least June 2022. All organizations are encouraged to review this advisory for threat details, actor’s tactics, techniques, and procedures (TTPs), indicators of compromise that can be used to detect if this activity is on your network, and actions and mitigations to implement to manage the risk. (October 21, 2022)
- JOINT CYBERSECURITY ADVISORY: VICE SOCIETY
- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory detailing indicators of compromise and tactics, techniques, and procedures associated with Vice Society actors disproportionately targeting the education sector with ransomware attacks. Observed as recently as September 2022, Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion hacking group. The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year is underway for most of the United States. (September 6, 2022)
- JOINT CYBERSECURITY ADVISORY: ZEPPELIN RANSOMWARE
- The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware, which has been identified through FBI investigations as recently as April 2022. The CSA details the known tactics, techniques, and procedures (TTPs), threat details, and indicators of compromise (IOCs). All organizations are encouraged to review the IOCs and implement actions and mitigations to manage this potential cyber risk. (August 11, 2022)
- JOINT ADVISORY DETAILS MEDUSALOCKER RANSOMWARE CYBER THREAT
- Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat. (June 30, 2022)