Global Ransomware Warning Issued by US, UK, and Australia

Global Ransomware Warning Issued by US, UK, and Australia

By Laura Stotler

The United States, United Kingdom, and Australia have issued a joint advisory about cybercriminal attack techniques after a surge of "sophisticated, high impact" ransomware attacks on businesses and organizations. The warning was issued by the U.S. Cybersecurity and Infrastructure Agency (CISA), the UK National Cyber Security Centre (NCSC) and the Australia Cyber Security Center.

The agencies issued a joint warning that ransomware tactics and techniques have continued to evolve in 2021. The attacks have targeted a wide range of industries, including defense, IT, financial services, healthcare, energy, education, charities and local governments. The agencies warned ransomware threat actors are displaying growing technological sophistication, which poses an increased threat to organizations throughout the world.

The joint bulletin issued by the agencies revealedthere were three top infection vectors for ransomware attacks in 2021. They included phishing emails, remote desktop protocol (RDP) exploitation through stolen credentials or brute force and exploitation of software vulnerabilities.

Managed service providers (MSPs) were also a major target for ransomware in 2021, with attackers often impacting all of an MSP's customers at the same time. Ransomware attackers also targeted poorly-defended cloud infrastructure, with the goal of stealing data and encrypted information and even denying access to backup systems in some cases.

Other popular targets included industrial processes that impacted connected business systems or interference with critical infrastructure through code development. Attackers also went after the software supply chain and used it to access multiple targets through a single instance of compromise. Organizations were also targeted on holidays and weekends when impacts would be greater and when there was a likelihood of less IT support staff in place.

Attackers also launched a number of Ransomware-as-a-Service (RaaS) operations in 2021, with some offering 24/7 help desk support to compromised businesses to expedite their ransom payments. Many organizations reported being encouraged to pay ransoms or risk the leak of stolen sensitive data if demands were not met.

Ultimately, the three cybersecurity agencies believe the ransomware business model translates to large financial returns, perpetuating the frequency of attacks. The rise in attacks, coupled with the RaaS business model, has increased the complexity of the attacks since networks of developers, freelancers and affiliates are working together globally to launch attacks.

Edited by Luke Bellos
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Contributing Editor

Related Articles

ICYMI: News Around the MSP Industry

By: Greg Tavarez    5/17/2024

Here are a few articles compiled into one for readers interested in developments around the MSP space.

Read More

Wildix UK and Ireland Shake Up Leadership for Growth and Innovation

By: Greg Tavarez    5/16/2024

Wildix announced a strategic leadership transition designed to propel the company's market growth.

Read More

Are Resellers Leaving Money on the Table?

By: Special Guest    5/16/2024

The expert and correct installation of network infrastructure and other components is crucial to every IT project's success, adding tangible value by …

Read More

Bitwarden's New Standalone App Makes Two-Factor Authentication Simple

By: Greg Tavarez    5/15/2024

Bitwarden recently launched a standalone app for two-factor authentication to protect online services and applications from unauthorized access.

Read More

Cyware Quarterback: The AI Playmaker for Advanced Security Operations

By: Greg Tavarez    5/15/2024

Cyware Quarterback is a user-friendly, AI-powered interface that streamlines security tasks for enterprise clients and security information sharing gr…

Read More