On November 1st of 2021, the Federal Bearue Of Investigation (FBI) issued a notification that explained the various ways adopted by the attackers to exploit victims and extort ransom.
According to the summary of FBI notification:
The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections. Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information.
The agency further explains that it is highly likely that the culprit will threaten victims using their personal information if they don’t comply and pay the demanded ransom. In addition, these incidents are “time-sensitive financial events” because the attackers want to force their sufferers to pay ransom money. They also disclosed that the whole two-stage process usually starts with “an initial intrusion through a trojan malware.
According to the FBI:
During the initial reconnaissance phase, cybercriminals identify non-publicly available information they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands. Additionally, impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.
Malware or sometimes called malicious software is a word that is used to collectively definite programs such as trojans, viruses, and worms. Various cybercriminals or hackers widely use these programs to infiltrate their victims’ devices, such as computers, laptops, servers, etc.
There’s no doubt that malware is a severely dangerous weapon that has been used in the past to steal sensitive banking information and even penetrate government systems and nuclear systems.
Here are a few recommendations issued by the FBI to keep yourself protected from ransomware and malware.
- Keep your operating systems up to date.
- Ensure the use of antivirus software with malware protection.
- Regularly run scans and updates on your devices.
- Keep a backup of your data in more than a single place.
- Avoid using Public Wi-Fi.
- Start using two-factor authentications for login for an extra layer of protection.
The FBI also urges to report any or all suspicious criminal activity to local FBI field offices. Field offices can be identified through www.fbi.gov/contact-us/field-offices.
Lastly, the FBI advises against paying a ransom because it will ultimately encourage the culprits to target new businesses. It will also inspire other criminal actors to spread ransomware and may finance illegal activities.
Ransomware attacks using trojan malware have been rapidly increasing. Recently, there was a 5.9 million ransomware attack on the US Farmer cooperative by the BlackMatter ransomware group that has been behind many high-profile attacks in the US and abroad.
Furthermore, recently the NSA and CISA also published security guidelines for securing VPN servers against such attacks.