FBI Reveals New Insights on Ransomware Tactics - Assured

FBI Sheds New Light On Ransomware Tactics

January 7, 2020


The FBI reveals new insights on ransomware tactics, focusing on evolving methods used by cybercriminals to attack networks and extort businesses. A recent alert marked “TLP: AMBER” warns organizations to remain vigilant against ransomware threats that can disrupt operations and expose sensitive data.

The alert reads, in part, as follows:

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

The actors behind LockerGoga and MegaCortex gain a foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.”

The alert also states that the attackers behind these two ransomware strains frequently use Cobalt Strike tools, including Cobalt beacons, to gain remote access.

Once attackers enter a target network, they carefully explore and map the environment. They seek out the most sensitive information, including proprietary company data, payment card details, and customer records.

The goal is to identify the highest-value data that can be exfiltrated to the command and control server for sale on the black market. Finally, after extracting all valuable information, the hackers trigger the ransomware. This locks the network and demands payment, further extorting the affected organization.

The FBI also reports that nation-states often carry out hacking operations. These groups use ransomware to make it appear as if traditional cybercriminals conducted the attack, misleading forensic investigators.

Network mapping and data exfiltration can take weeks or months, depending on the network’s size. Organizations may be infected long before visible signs of the attack appear. For this reason, having robust security systems is more important than ever. Businesses should maintain remote backups taken at regular intervals and develop a rapid response plan for handling breaches.

Used with permission from Article Aggregator
