Share this article on:
A ransomware factsheet has been released by the National Cyber Investigative Joint Task Force (NCIJTF) to raise awareness of the threat of ransomware attacks and provide insights that can be leveraged to prevent and mitigate attacks.
The fact sheet was developed by an interagency group of more than 15 government agencies and is primarily intended for use by police and fire departments, state, local, tribal and territorial governments, and critical infrastructure entities. The factsheet was released as part of the “Reduce the Risk of Ransomware Campaign” launched by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) in January 2021.
The fact sheet explains the impact ransomware attacks have had on the public sector, provides information on U.S. government efforts to combat ransomware threats, and details the most common methods used by threat actors to gain access to networks to deploy ransomware payloads: Phishing emails, Remote Desktop Protocol (RDP) vulnerabilities, and software vulnerabilities.
Phishing emails contain either a malicious link or file attachment. If the user opens the attachment or visits the link, code is executed which downloads a malicious payload. That payload may be ransomware or another malware variant which will ultimately be used to deliver ransomware. A recent report from Coveware has revealed phishing emails are now the most common method of ransomware delivery, overtaking the exploitation of RDP vulnerabilities.
Exploitation of RDP vulnerabilities is also common. RDP allows remote workers to access resources and data over the Internet. Brute force tactics are often used to guess weak passwords and stolen credentials are purchased on darknet marketplaces that allow the attackers to remotely access systems and deploy malware or ransomware. While less common, vulnerabilities in software are also exploited to gain control of victim systems and deploy ransomware.
Many of the recent ransomware campaigns have been highly sophisticated and targeted. While it is not possible to eliminate risk entirely, most ransomware attacks can be prevented by following cybersecurity best practices.
- Backing up data, testing backups, and ensuring a copy is stored securely offline.
- Implementing multifactor authentication.
- Updating software and patching all systems.
- Ensuring security solutions such as antivirus software are kept up to date.
- Creating, reviewing, and testing an incident response plan.
The ransomware fact sheet can be accessed on this link.
Further information on preventing and mitigating ransomware attacks can be found here (CISA).