#StopRansomware: Zeppelin Ransomware

08/11/2022 10:03 AM EDT

Original release date: August 11, 2022

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

CISA encourages organizations to review #StopRansomware: Zeppelin Ransomware for more information. Additionally, see StopRansomware.gov for guidance on ransomware protection, detection, and response. 

 

This product is provided subject to this Notification and this Privacy & Use policy.

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

07/06/2022 10:00 AM EDT

Original release date: July 6, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA), North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector, to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. 

CISA, FBI and Treasury urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.
  • Install and regularly update antivirus and antimalware software on all hosts.

See North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector for Maui ransomware tactics, techniques, and procedures, indicators of compromise, and recommended mitigations. Additionally, review StopRansomware.gov for more guidance on ransomware protection, detection, and response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage. 

This product is provided subject to this Notification and this Privacy & Use policy.

#StopRansomware: MedusaLocker

06/30/2022 01:00 PM EDT

Original release date: June 30, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note: this joint #StopRansomware CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

CISA, FBI, Treasury and FinCEN encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Prioritize remediating known exploited vulnerabilities.
  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.

See #StopRansomware: MedusaLocker to learn about MedusaLocker actors’ tactics, techniques, and procedures and the recommended mitigations. Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response. 

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware

04/22/2022 08:02 AM EDT

Original release date: April 22, 2022

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide.

CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommend mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases PIN on Ransomware Straining Local Governments and Public Services

03/31/2022 11:00 AM EDT

Original release date: March 31, 2022

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.

CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations.
 

This product is provided subject to this Notification and this Privacy & Use policy.

FBI and FinCEN Release Advisory on AvosLocker Ransomware

03/22/2022 07:21 AM EDT

Original release date: March 22, 2022

The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. 

CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Updated: Conti Ransomware

03/09/2022 06:42 AM EST

Original release date: March 9, 2022

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. 

CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti Ransomware, which includes new indicators of compromise, for more information. See Shields Up and StopRansomware.gov for ways to respond against disruptive cyber activity.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases Indicators of Compromise for RagnarLocker Ransomware

03/08/2022 10:35 AM EST

Original release date: March 8, 2022

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors.

CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI and USSS Release Advisory on BlackByte Ransomware

02/15/2022 07:40 AM EST
Original release date: February 15, 2022

The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware. BlackByte is a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers.

CISA encourages organizations to review the joint FBI-USSS CSA and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

2021 Trends Show Increased Globalized Threat of Ransomware

02/09/2022 09:00 AM EST

Original release date: February 9, 2022

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021. This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

CISA encourages users and administrators to review joint CSA: 2021 Trends Show Increased Globalized Threat of Ransomware and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.

This product is provided subject to this Notification and this Privacy & Use policy.