HC3 TLP White Alert: Ransomware Awareness for Holidays and Weekends
September 1, 2021

Executive Summary

The FBI and CISA stated that in the “last several months” they have observed an increase in “highly impactful” ransomware attacks occurring during holidays or, more generally, when people are out of the office. From January 1 to July 31, 2021, the FBI's Internet Crime Complaint Center (IC3) saw a “62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020.” The most common ransomware variants reported to IC3 were Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos.

To mitigate or prevent ransomware attacks, the FBI and CISA suggest that organizations “engage in preemptive threat hunting on their networks.” Additionally, the most common initial access vectors identified by the FBI are phishing and brute force attacks on unsecured Remote Desktop Protocol (RDP) endpoints.

Report

CISA – Alert (AA21-243A) Ransomware Awareness for Holidays and Weekends
https://us-cert.cisa.gov/ncas/alerts/aa21-243a

Impact to HPH Sector

HC3 has previously identified the Conti and PYSA ransomware variants as having victimized entities in the Healthcare and Public Health (HPH) Sector. Sector entities targeted by ransomware could have some or all of their data leaked and experience disruptions to the services they provide to their patients and customers.

References

CISA – Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses
https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf

CISA – Additional Resources Related to the Prevention and Mitigation of Ransomware
https://www.stopransomware.gov

Contact Information
If you have any additional questions, please contact us at HC3@hhs.gov.