
CISA Warns of Ransomware Gang, Issues Indicators of Compromise

Processes stemming from the Ragnar Locker ransomware have affected at least 52 critical infrastructure victims since January, but will terminate if they encounter systems in certain Russian and near-Russian locations.

Cybersecurity and Infrastructure Security Agency Executive Director Brandon Wales emphasized the importance of small- and medium-sized organizations preparing for ransomware attacks, in the wake of a warning officials issued to be on the lookout for a threat actor known as the Ragnar Locker gang, which appears to avoid Russia-related entities.

“These issues that you’re addressing and bringing together the small- and medium-sized businesses on are absolutely essential,” Wales said, “both given our current threat environment and because we know that these issues are front of mind, for business leaders throughout the country.” 

Wales spoke during an event hosted by the Aspen Institute on Tuesday, which simulated a ransomware attack to highlight unforeseen challenges that arise over the course of a victim’s response. He reiterated that CISA currently doesn’t deem the homeland to be under cyber threat, but his remarks follow an FBI Flash warning that the National Cyber Awareness System pushed out Tuesday on ransomware that’s coded to avoid entities in and around Russia.

“We’ve made it clear on a number of occasions, but at this time we are not aware of any specific or credible cybersecurity threat to the homeland,” Wales said. “That being said, we are mindful of the potential for Russia to escalate destabilizing actions it’s taking inside of Ukraine that could have impacts outside of Ukraine, and we’ve been working across our federal government to ensure our departments and agencies have taken the necessary steps to be protected and on guard against what is possible.”

The FBI has tracked at least 52 U.S. organizations across 10 critical infrastructure sectors—including in manufacturing, energy, finance, IT and government—that have been affected by Ragnar Locker ransomware, as of January, according to the Flash report. 

The bureau previously released a flash warning on the Ragnar Locker gang in November 2020, noting then about the group’s ransomware: “If the victim’s locale is found to be ‘Azerbaijani,’ ‘Armenian,’ ‘Belorussian,’ ‘Kazakh,’ ‘Kyrgyz,’ ‘Moldavian,’ ‘Tajik,’ ‘Russian,’ ‘Turkmen,’ ‘Uzbek,’ ‘Ukrainian’ or ‘Georgian,’ the process will terminate.”

The new warning includes an updated list of indicators of compromise, including IP, email and Bitcoin addresses.

Source: https://www.nextgov.com/cybersecurity/2022/03/cisa-warns-ransomware-gang-issues-indicators-compromise/362916/
