2019 was a particularly bad year for ransomware attacks, and while there was a reduction in the use of ransomware in 2020, attacks increased sharply in 2021, with the education sector and government organizations the most attacked sectors, although no industry sector is immune to attacks.
There is growing concern about the increase in attacks on critical infrastructure organizations, which are an attractive target for ransomware gangs. According to the data from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), 14 of the 16 critical infrastructure sectors in the United States reported ransomware attacks in 2021, including the defense industrial base, emergency services, healthcare, food and agriculture, information technology, and government facilities. Cybersecurity agencies in the United Kingdom and Australia have also said critical infrastructure has been targeted.
Critical Infrastructure Organizations Warned About AvosLocker Ransomware Attacks
This week, a warning has been issued by the Federal Bureau of Investigation (FBI), the U.S. Department of the Treasury, and the U.S. Treasury Financial Crimes Enforcement Network (FinCEN) about ransomware attacks using AvosLocker ransomware.
AvosLocker was first identified as a threat in late June 2021 and despite being a relatively new threat, poses a significant risk. Attacks using the ransomware increased in the latter half of 2021, with spikes in attacks occurring in November and December. Variants of AvosLocker ransomware have now been developed to attack Linux as well as Windows systems.
As is now common, the attackers engage in double extortion and demand payment for the keys to decrypt files and to prevent the release of stolen data. The gang operates a data leak site where a sample of stolen data is uploaded and made accessible to the public. The gang says it then sells the stolen data to cybercriminals if payment is not made. AvosLocker is one of a handful of ransomware operations that also makes contact with victims by phone to encourage them to pay the ransom. The gang is known to issue threats of Distributed Denial of Service (DDoS) to further pressure victims into paying the ransom.
AvosLocker is a ransomware-as-a-service operation where affiliates are recruited to conduct attacks for a percentage of any ransom payments they generate. Consequently, the attack vectors used in attacks depend on the skillsets of the affiliates. Common vulnerabilities are known to be exploited to gain initial access to networks, including vulnerabilities associated with Proxy Shell and unpatched vulnerabilities in on-premises Microsoft Exchange Servers. However, over the past year, spam email campaigns have been a primary attack vector.
Email Filtering Vital for Defending Against Ransomware Attacks
Spam email is a common attack vector used by ransomware gangs. Spam email campaigns are effective and provide low-cost access to victim networks. Phishing and spam campaigns either use malicious attachments or embedded hyperlinks in emails, along with social engineering techniques to convince end users to open the attachments or click the links.
The primary defense against these attacks is email filters. Email filters scan all inbound emails and attachments and prevent malicious messages from being delivered to inboxes. Since cyber actors are constantly changing their lures, social engineering methods, and strategies to bypass email security solutions, it is vital to have an email security solution in place that can respond to changing tactics.
Email security solutions that use artificial intelligence and machine learning to identify and block threats outperform solutions that rely on antivirus engines and blacklists of known malicious IP addresses. SpamTitan incorporates artificial intelligence in addition to blacklists, dual antivirus engines, and sandboxing to identify malicious emails, and has comprehensive threat intelligence feeds to identify new threats rapidly. SpamTitan also provides time-of-click protection against malicious hyperlinks in emails to ensure users are well protected against phishing, malware, ransomware, and other email threats.
Don’t Neglect Security Awareness Training for the Workforce
It is also important to provide security awareness training to all members of the workforce from the CEO down. The FBI and the U.S. Treasury Department recommended in the latest alert to “Focus on cyber security awareness and training,” and “Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).” TitanHQ can help in this regard with SafeTitan – “The only behavior-driven security awareness solution that delivers security training in real-time.”
For more information on improving your defenses against ransomware and other cyber threats, give the TitanHQ team a call to inquire about email filtering, web filtering, and security awareness training for your workforce.