Home » Cybersecurity » Ransomware is Becoming a Professional Service

Ransomware is Becoming a Professional Service
Ransomware trends and recommendations were laid out in a Joint Cybersecurity Advisory, coauthored by cybersecurity agencies in the United States, United Kingdom, and Australia. The report noted that evolving tactics and techniques of cybercriminals demonstrated their growing sophistication and their increased threat to organizations globally.

Home » Cybersecurity » Ransomware is Becoming a Professional Service

Ransomware is Becoming a Professional Service

Ransomware trends and recommendations were laid out in a Joint Cybersecurity Advisory, coauthored by cybersecurity agencies in the United States, United Kingdom, and Australia. The report noted that evolving tactics and techniques of cybercriminals demonstrated their growing sophistication and their increased threat to organizations globally.
Ransomware attacks on critical infrastructure increased in 2021, hitting 14 of the 16 critical infrastructure sectors in the United States, according to a report from cybersecurity authorities in multiple countries.

Officials cited attacks on critical sectors like the defense industrial base, emergency services, food and agriculture, government facilities and information technology.

Authorities recognized ransomware as the biggest cyberthreat facing the United States, with the education sector being one of the top targets. Other targeted sectors included businesses, charities, legal professionals, and public services in the local government and health sectors.

Cybersecurity authorities observed an increasingly professional field of ransomware actors in 2021.

Along with the increased use of ransomware-as-a-service (RaaS), threat actors employed independent services to negotiate payments, assist victims in making payments and arbitrate payment disputes with other cybercriminals. Criminal groups in Europe and Asia have also shared victim information with each other.

According to the report, authorities observed that “some ransomware threat actors offered their victims the services of a 24/7 help center to expedite ransom payment and restoration of encrypted systems or data.”

Ransomware Security Checklist

  • Software Updates - keep up-to-date all software including computer operating systems
  • Service Security - monitor services such as Remote Desktop Protocols
  • Password Management - implement multifactor authentication and require strong passwords
  • Data Backup - create daily backups in multiple locations
  • Data Protection - encrypt cloud data

In the United States, ransomware actors shifted their focus from “big game” organizations to midsize victims halfway through 2021 after they suffered disruptions from cyber authorities. The switch was to reduce scrutiny, officials said.

Most commonly, cybercriminals continued to initiate ransomware attacks via phishing emails, stolen remote desktop protocols (RDP) credentials and exploited software vulnerabilities.

“These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021,” the report stated. “This increase expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching.”

Cybercriminals increased their impact through a few methods—such as by targeting the cloud, managed service providers (MSPs) and software supply chain entities—and several groups have begun attacking industrial processes. More attacks against U.S. entities occurred on holidays and weekends.

Criminals also expanded methods to extort money from victims. They would threaten to release stolen information publicly, disrupt victims’ internet access, and/or inform the victims’ partners or shareholders of the incident.

Authorities had several recommendations to reduce the likelihood and impact of ransomware attacks. Organizations should keep all operating systems and software up to date; secure and monitor potentially risky services (e.g., RDP); implement user training programs and phishing exercises; require multifactor authentication (MFA); require strong and unique passwords; protect cloud storage by backing up to multiple locations; and encrypt cloud data.

Ransomware attacks on critical infrastructure increased in 2021, hitting 14 of the 16 critical infrastructure sectors in the United States, according to a report from cybersecurity authorities in multiple countries.

Officials cited attacks on critical sectors like the defense industrial base, emergency services, food and agriculture, government facilities and information technology.

Authorities recognized ransomware as the biggest cyberthreat facing the United States, with the education sector being one of the top targets. Other targeted sectors included businesses, charities, legal professionals, and public services in the local government and health sectors.

Cybersecurity authorities observed an increasingly professional field of ransomware actors in 2021.

Along with the increased use of ransomware-as-a-service (RaaS), threat actors employed independent services to negotiate payments, assist victims in making payments and arbitrate payment disputes with other cybercriminals. Criminal groups in Europe and Asia have also shared victim information with each other.

According to the report, authorities observed that “some ransomware threat actors offered their victims the services of a 24/7 help center to expedite ransom payment and restoration of encrypted systems or data.”

checklist graphic

Ransomware Security Checklist

  • Software Updates - keep up-to-date all software including computer operating systems
  • Service Security - monitor services such as Remote Desktop Protocols
  • Password Management - implement multifactor authentication and require strong passwords
  • Data Backup - create daily backups in multiple locations
  • Data Protection - encrypt cloud data

In the United States, ransomware actors shifted their focus from “big game” organizations to midsize victims halfway through 2021 after they suffered disruptions from cyber authorities. The switch was to reduce scrutiny, officials said.

Most commonly, cybercriminals continued to initiate ransomware attacks via phishing emails, stolen remote desktop protocols (RDP) credentials and exploited software vulnerabilities.

“These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021,” the report stated. “This increase expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching.”

Cybercriminals increased their impact through a few methods—such as by targeting the cloud, managed service providers (MSPs) and software supply chain entities—and several groups have begun attacking industrial processes. More attacks against U.S. entities occurred on holidays and weekends.

Criminals also expanded methods to extort money from victims. They would threaten to release stolen information publicly, disrupt victims’ internet access, and/or inform the victims’ partners or shareholders of the incident.

Authorities had several recommendations to reduce the likelihood and impact of ransomware attacks. Organizations should keep all operating systems and software up to date; secure and monitor potentially risky services (e.g., RDP); implement user training programs and phishing exercises; require multifactor authentication (MFA); require strong and unique passwords; protect cloud storage by backing up to multiple locations; and encrypt cloud data.

The Last Word

For more cybersecurity guidance, including cyber liability insurance, contact an InsureGood Advisor who can help navigate through the ever-changing landscape of cyber intelligence.

Additional Resources

software engineer testing servers for jackware

What is Jackware Ransomware?

This article provides additional information on the potential implications of jackware cyberattacks, outlines the latest real-world examples of these incidents, and offers prevention measures for businesses to consider.

Read More

Loading...