FBI Finds Over 100 Active Ransomware Variants
The Agency Warns That Ransomware Can Paralyze Organizations, and the Cost to Rebuild an Encrypted Network Can Be Catastrophic for Small and Medium-Sized Businesses and Municipalities.
The Federal Bureau of Investigation (FBI) has issued an official statement warning that over 100 active ransomware variants are busy launching attacks on U.S. businesses, schools, and other organizations.
A Rise in ‘Double Extortion’ Attacks
According to the Bureau, cybercriminals have enhanced their capabilities to increase the scale, impact, and prevalence of ransomware attacks.
Ransomware-as-a-service, which relies on an aggregator (a person or a group that sells or rents malware to interested parties), has decreased the barrier to entry and technological savvy needed to carry out and benefit from these compromises and increased the number of criminals conducting ransomware campaigns. There are more than 100 variants under investigation, the majority of which have already been used in multiple ransomware campaigns.
Another prominent tactic observed by the FBI is the ‘double extortion’ trend, where actors encrypt, steal, and threaten to leak or sell victims’ data.
Recently, we have seen “double extortion” ransomware (…) emerge as a leading tactic for cybercriminals, raising the stakes for victims, which in turn has increased the likelihood of ransom payments being made. While cybercriminals remain opportunistic, they have also become more targeted in their campaigns, purposely aiming their malware at those institutions which can least afford downtime, specifically infrastructure critical to public safety, including hospitals and emergency services.
According to the data presented by Atlas VPN, ransomware has already cost victims $45 million in 2021. Some of the ransom payments made this year are the largest ones we have seen yet.
How the FBI’s Cyber Strategy Counters the Ransomware Threat
Together with the Department of Justice’s Ransomware and Digital Extortion Task Force, the Bureau’s strategy for countering ransomware and other cybercriminal attacks is focused on pursuing and disrupting:
1) The threat actors – identify those responsible for ransomware attacks, arrest them, and, whenever possible, extradite them to the United States to face justice.
2) Their infrastructure – disrupting it adds to the impact, as doing so raises their costs, disrupts their operations, prevents new victims, and often gives us new intelligence on their operations.
3) Their money – trace the transactions, seize funds, and shut down illicit currency exchanges.
…all while providing help to victims and actionable intelligence to warn potential future targets.
How to Stay Safe
Individuals, cybersecurity professionals and system administrators, and organizations can use threat information shared by the FBI to strengthen their network defenses and guard against ransomware and other malicious cyber activity.
Organizations are urged to create an incident response plan. This way, if they’re compromised, they’ll know exactly what to do and can make decisions quickly. Organizations are also advised to build relationships with their local FBI field offices.
Finally, if you are compromised, or if you think you may have been, you need to report it as quickly as you can. You can report these incidents via the Internet Crime Complaint Center or by contacting your local FBI field office.
Ransomware has become one of the most costly and destructive threats to businesses and governments. On top of this, throughout the COVID-19 pandemic, we saw callous opportunism by criminal groups who put public safety at risk by attacking health care providers during a global pandemic. These groups demonstrate no morality; they will target entities big and small, public and private, and show little care for how their actions affect vulnerable populations.