The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement about an increasing number of high-impact ransomware attacks against public and private organizations in the U.S.
The FBI stated that since the beginning of 2018 there has been a sharp decline in the incidence of ransomware campaigns, but the impact of these attacks has increased notably, as seen from the complaints received by IC3 and FBI case information.
Even though state and local governments are the usual targets for ransomware attacks, threat actors have also begun to target health care organizations, industrial companies, and the transportation sector.
Attackers use various techniques to infect target systems with ransomware, including large-scale or targeted phishing campaigns and the exploitation of software and Remote Desktop Protocol (RDP) vulnerabilities.
Do not pay the ransom
The FBI asks all individuals and organizations affected by ransomware not to pay the ransom. Instead, they must contact their local FBI field office and report the incident to ic3.gov as soon as possible.
On receiving the reports, the FBI will contact the victims and work with them to take the necessary actions.
Whether or not victims decide to pay the ransom, the FBI urges them to report the incident to law enforcement. Reporting gives investigators the information they need to track the ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.
The following are some of the practices the FBI suggests to U.S. organizations:
- Back up data on a regular basis and verify its integrity
- Focus on awareness and training
- Patch the operating system, software and firmware on devices as patches become available
- Enable anti-malware auto-update and perform regular scans
- Implement the least privilege for file, directory, and network share permissions
- Disable macro scripts from Office files transmitted via email
- Implement software restriction policies and controls
- Employ best practices for use of RDP
- Implement application whitelisting
- Implement physical and logical separation of networks and data for different org units
- Require user interaction for end-user apps communicating with uncategorized online assets
U.S. hospitals and schools affected by ransomware
Three hospitals in Alabama, namely DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center, were affected by ransomware this week, which led to the suspension of their IT infrastructure, with only limited access permitted.
The three hospitals had to close down completely and are accepting only the most critical new patients.
Californian medical practice Wood Ranch Medical, which was hit by a ransomware attack in early August, stated that it is closing its offices on December 17 due to the extensive loss of its patient healthcare records.
Several schools in the U.S. have also been hit by ransomware attacks since the beginning of 2019. It is reported that 1,051 individual schools, colleges and universities were affected by at least 62 incidents.
Legislation passed due to increased ransomware activity
In response to the uncontrolled ransomware attacks against U.S. state and local governments, as well as businesses and organizations, the Senate passed the ‘DHS Cyber Hunt and Incident Response Teams Act’ last week. The act authorizes the Department of Homeland Security (DHS) to maintain incident response teams that help private and public entities defend against ransomware and other cyber-attacks.
According to the passed legislation, these teams are responsible for:
- Assistance to asset owners and operators in restoring services following a cyber incident;
- Identification of cybersecurity risk and unauthorized cyber activity;
- Mitigation strategies to prevent, deter, and protect against cybersecurity risks;
- Recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate;
The teams also provide advice and technical support on how to strengthen IT systems against ransomware and other types of attacks to any entities that ask for their assistance.
Federally-resourced cyber response teams will also assist organizations if they fall victim to ransomware or any cyber-attacks.