A recent Joint Cybersecurity Advisory authored by cybersecurity professionals in the U.S., U.K., and Australia, announced an increase in sophisticated ransomware incidents against critical infrastructure, including government facilities, education, defense, emergency services, and IT sectors.
The three biggest infection vectors for ransomware in 2021 were phishing emails, remote desktop protocol (RDP) exploitation, and the exploitation of software vulnerabilities. The market for ransomware became increasingly “professional” in 2021, with criminals using ransomware-as-a-service (RaaS) to perform attacks and using other independent services to maximize payments from victims. In the U.S., there was a shift away from targeting high-value organizations toward mid-sized victims to reduce scrutiny. Ransomware groups have increased their impact by targeting cloud infrastructures, managed service providers, industrial processes, the software supply chain, and by launching their attacks on holidays and weekends.
The Joint Cybersecurity Advisory noted that if the ransomware criminal business model continues to yield financial returns, ransomware incidents will become more frequent. Authorities strongly discourage paying a ransom to criminal actors.
Immediate actions you can take now to protect against ransomware:
-
Update your operating system and software.
-
Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
-
If you use Remote Desktop Protocol (RDP), secure and monitor it.
-
Make an offline backup of your data.
-
Use multifactor authentication (MFA).
For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov.
Contact Information
We are committed to working with schools to combat cybersecurity attacks. If you have any questions about the information included in this announcement, please contact FSASchoolCyberSafety@ed.gov.