FBI warns of ransomware attack that affected 30 US companies in 2021
The FBI issued an alert on Monday reporting that the criminal group Ranzy Locker was responsible for at least 26 attacks that affected companies in US sectors such as technology, transportation and information.
The alert, issued in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), aims to inform corporations about the danger of Ranzy Locker and other ransomware operators, and to show how to identify attack attempts by this threat.
The FBI communiqué also states that the ransom note left by the Ranzy Locker criminals has similarities to those found in attacks carried out by the AKO and ThunderX ransomware operators. Both groups disappeared for some time, but speculation indicates that they have joined together to form the threat the US agency warns about in its note.
How the attack occurs
The FBI reports that most victims had their systems hacked through brute-force attacks, where criminals try random credentials until they gain access. Other methods used were the abuse of Microsoft Exchange vulnerabilities and the use of stolen passwords in phishing scams.
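The brute-force vector described above leaves a recognizable trace in authentication logs: many failed logons from one source address in a short window, often across several usernames, sometimes followed by a success. The script below is an added example (not from the FBI/CISA alert or from BleepingComputer) of a sliding-window detector for that pattern. The log line format and the sample lines are constructed for the example; the function names `parse_line` and `detect_bruteforce` are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (TEST-NET addresses, not real data).
# The line format is assumed for this example; adapt LINE_RE to your log source.
SAMPLE_LOG = """\
2021-10-25T10:00:01Z auth: Failed login for user 'admin' from 203.0.113.5
2021-10-25T10:00:03Z auth: Failed login for user 'administrator' from 203.0.113.5
2021-10-25T10:00:04Z auth: Failed login for user 'backup' from 203.0.113.5
2021-10-25T10:00:06Z auth: Failed login for user 'admin' from 203.0.113.5
2021-10-25T10:00:07Z auth: Failed login for user 'sqladmin' from 203.0.113.5
2021-10-25T10:00:09Z auth: Failed login for user 'admin' from 203.0.113.5
2021-10-25T10:00:10Z auth: Failed login for user 'jdoe' from 198.51.100.7
2021-10-25T10:00:12Z auth: Successful login for user 'admin' from 203.0.113.5
2021-10-25T10:05:00Z auth: Successful login for user 'jdoe' from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<outcome>Failed|Successful) login for user "
    r"'(?P<user>[^']+)' from (?P<ip>[0-9.]+)$"
)


def parse_line(line):
    """Return (timestamp, failed, user, ip) for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["outcome"] == "Failed", m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": largest burst seen, "distinct_users": count,
                  "success_after_burst": bool}}.  A success from a flagged IP
    while failures are still inside the window is the strongest signal: the
    guessing may have worked.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures within window
    users = defaultdict(set)     # ip -> usernames tried
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # ignore lines we do not understand
        ts, failed, user, ip = parsed
        q = recent[ip]
        # Evict failures that fell out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if failed:
            q.append(ts)
            users[ip].add(user)
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "distinct_users": 0,
                         "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
                a["distinct_users"] = len(users[ip])
        elif ip in alerts and q:
            alerts[ip]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info}")
```

On the sample lines only 203.0.113.5 is flagged: six failures across four usernames within the window, then a successful logon, which is the case to escalate first. Tune `threshold` and `window` to the service; a lockout policy and MFA on remote access remove most of the noise this detector would otherwise raise.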
Once inside their victims’ network, Ranzy Locker’s operators steal documents before encrypting the files. This stolen data typically contains sensitive information such as customer data and financial records, and is used to pressure victims into paying the ransom under threat of a leak, setting up a “double-extortion” attack.
Victims are directed to a payment site on Tor, a network used for anonymous communication on the internet, where a chat is made available for negotiating with the criminals. As part of the operation, Ranzy Locker’s operators let affected people decrypt three files for free, to prove that restoration is genuinely possible. Soon after, they demand payment of the ransom.
If payment does not take place, the documents will be made available to the public on the Ranzy Leak website, along with information from other companies that refused to comply with the criminals’ demands.
Protection
In addition, in early September, CISA published a manual with instructions on how to prevent these threats. Check out some of the recommendations contained in the official document:
- Make frequent data backups, keeping them in an offline environment protected by encryption;
- Create a basic cybersecurity plan to respond to incidents, maintain operations, and communicate about the steps that must be followed;
- Use proper remote access settings, conduct frequent scans for vulnerabilities, and keep software up to date;
Source: BleepingComputer
