
The FBI has issued an urgent advisory warning about a surge in ransomware attacks targeting 210 organizations spanning multiple sectors.
At a Glance
- Ransomware attacks can disrupt operations and result in the loss of critical information and data.
- The FBI advises against paying ransoms as it encourages further attacks and does not guarantee data recovery.
- The RansomHub ransomware gang has targeted various sectors, including IT, healthcare, and finance.
- An advisory identifies Iran-based cyber actors enabling ransomware attacks on U.S. organizations.
Surge in Ransomware Attacks
The FBI’s recent advisory highlights an alarming increase in ransomware attacks by cybercriminals who compromise organizations and then demand ransoms from them. The infamous RansomHub group, responsible for 210 attacks since February 2024, has used sophisticated tactics to encrypt and exfiltrate data. Victims span the IT, healthcare, finance, transportation, and emergency services sectors.
RansomHub’s approach involves double extortion, compounding the threat by potentially exposing sensitive data. The group, previously known as Cyclops and Knight, continues to wreak havoc, underscoring the need for organizations to bolster their defenses. Among the group’s notable victims are UnitedHealth Group and Halliburton.
The Joint Ransomware Task Force, co-chaired by the #FBI and @CISAgov, is an interagency effort to combat the growing threat of ransomware attacks, launched in response to a series of high-profile attacks on US critical infrastructure. Learn more here: https://t.co/WZQPFjTWvM
— FBI (@FBI) August 20, 2024
The FBI’s Recommended Actions
The FBI strongly advises against paying ransoms, which only serves to encourage further criminal activity without any guarantee of data recovery. Instead, organizations are urged to take three key actions: promptly install updates, employ phishing-resistant multi-factor authentication, and educate users on phishing risks.
“The FBI does not support paying a ransom in response to a ransomware attack.” – FBI.
The FBI’s advisory also emphasizes the need for robust defenses and swift responses to mitigate the impacts of these attacks. By implementing stronger cybersecurity measures, organizations can deter potential infiltrations and reduce the risk of data breaches.
Cyber Actors from Iran
A separate advisory from CISA, FBI, and DC3 has identified Iran-based cyber actors with ties to known ransomware operations. These actors, linked to the Iranian government and an IT company, are coordinating efforts to gain and develop network access, a prelude to deploying ransomware. The group has targeted various organizations in the U.S., Israel, Azerbaijan, and the UAE since 2017.
“This alert demonstrates the close ‘international cooperation’ between hackers to exploit cyber espionage campaigns for criminal profit,” said John Riggi, AHA national advisor for cybersecurity and risk.
Once inside a network, these cyber actors create accounts, disable security software, increase privileges, and leverage cloud-computing resources to further their attacks. Affected organizations span the education, finance, healthcare, defense, and other sectors. Immediate patching of known vulnerabilities, specifically CVE-2024-3400, CVE-2022-1388, CVE-2019-19781, and CVE-2023-3519, is critical.