Cyber security authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally in 2021.
Ransomware is a type of malware that attackers can deploy on a victim's computer network to encrypt their files. With modern ransomware attacks, the criminals then extort the victim to pay huge sums of money to decrypt their files and make them accessible again.
The nations have issued a warning and released a joint advisory, which is authored by cyber security authorities in the United States (The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), Australia (The Australian Cyber Security Centre (ACSC), and the United Kingdom (National Cyber Security Centre (NCSC).
It provides observed behaviours and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.
Providing advice to mitigate ransomware
The joint advisory offers mitigation advice to network defenders which will reduce the risk of a compromise, which includes implementing a requirement for multi-factor authentication, Zero Trust architecture, and a user training programme with phishing exercises.
NCSC CEO Lindy Cameron said: “Ransomware is a rising global threat with potentially devastating consequences but there are steps organisations can take to protect themselves. To help ensure organisations are aware of the threat and how to defend themselves we have joined our international partners to set out the very latest threat picture alongside key advice.”
The advisory follows the announcement of the NCSC’s recently launched Ransomware Hub, which is a one-stop-shop for advice on how ransomware works, on whether a ransom should be paid, and how to prevent a successful attack.
Governments working to tackle ransomware together
As part of the agreement, the nations have pledged to intensify co-operation and delivery of shared opportunities and challenges across the cyber and critical technology policy.
Chris Usserman, Director of Security Architecture, Infoblox: “It’s encouraging to see threat intel sharing among governments to tackle ransomware and other cyber threats. We in the private sector have had a frontline view of the evolution of ransomware-as-a-service from defending against these crippling attacks and helping companies prevent and/or recover. While security hygiene and technologies form part of the solution, I hope to see more pre-emptive government actions to take down known actors and their infrastructure when they use cyber attacks to create kinetic havoc, like in the aftermath of Colonial Pipeline and attacks on critical infrastructure. As the joint statement shows, ransomware is an epidemic. We need governments to unify and shut down bad actors no matter where they hide or whom they attack.”