Global Ransomware Warning Issued by US, UK, and Australia


Global Ransomware Warning Issued by US, UK, and Australia

By Laura Stotler

The United States, United Kingdom, and Australia have issued a joint advisory about cybercriminal attack techniques after a surge of "sophisticated, high impact" ransomware attacks on businesses and organizations. The warning was issued by the U.S. Cybersecurity and Infrastructure Agency (CISA), the UK National Cyber Security Centre (NCSC) and the Australia Cyber Security Center.

The agencies issued a joint warning that ransomware tactics and techniques have continued to evolve in 2021. The attacks have targeted a wide range of industries, including defense, IT, financial services, healthcare, energy, education, charities and local governments. The agencies warned ransomware threat actors are displaying growing technological sophistication, which poses an increased threat to organizations throughout the world.

The joint bulletin issued by the agencies revealedthere were three top infection vectors for ransomware attacks in 2021. They included phishing emails, remote desktop protocol (RDP) exploitation through stolen credentials or brute force and exploitation of software vulnerabilities.

Managed service providers (MSPs) were also a major target for ransomware in 2021, with attackers often impacting all of an MSP's customers at the same time. Ransomware attackers also targeted poorly-defended cloud infrastructure, with the goal of stealing data and encrypted information and even denying access to backup systems in some cases.

Other popular targets included industrial processes that impacted connected business systems or interference with critical infrastructure through code development. Attackers also went after the software supply chain and used it to access multiple targets through a single instance of compromise. Organizations were also targeted on holidays and weekends when impacts would be greater and when there was a likelihood of less IT support staff in place.

Attackers also launched a number of Ransomware-as-a-Service (RaaS) operations in 2021, with some offering 24/7 help desk support to compromised businesses to expedite their ransom payments. Many organizations reported being encouraged to pay ransoms or risk the leak of stolen sensitive data if demands were not met.

Ultimately, the three cybersecurity agencies believe the ransomware business model translates to large financial returns, perpetuating the frequency of attacks. The rise in attacks, coupled with the RaaS business model, has increased the complexity of the attacks since networks of developers, freelancers and affiliates are working together globally to launch attacks.

Edited by Luke Bellos

MSPToday Contributing Editor

Related Articles

BackBox Changes Automation Tool Use Through SaaS Network Automation Platform

By: Greg Tavarez    8/8/2022

BackBox, the network automation, security and management provider released the latest version of the Backbox Automation Platform to add cloud-based Sa…

Read More

Branded vs White-Label: Can Your White-Label MSP Handle the Service Calls?

By: Bill Yates    8/8/2022

Should you put your MSP's name on the products you sell? Or are you better off selling products with the vendor's brand?

Read More

Deploy Analytics Anywhere with Analytics Plus from ManageEngine

By: Greg Tavarez    8/5/2022

ManageEngine is offering its IT analytics product, Analytics Plus, as a SaaS offering to enable users to set up a fully functional, integrated analyti…

Read More

Nomosphère Brings Wi-Fi from Cambium Networks to CASVP

By: Stefania Viscusi    8/5/2022

Nomosphère will be providing Cambium Networks wireless networking solutions to its 294 locations across Paris.

Read More

Why MSPs Should Undergo Valuation Every Year

By: Bill Yates    8/5/2022

In an industry rip with acquisition, MSPs should prepare for every opportunity and undergo a valuation annually.

Read More