• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

US, UK, and Australia Issue Joint Cybersecurity Advisory on Ransomware Threat to Critical Infrastructure

February 18, 2022 By Kim Peretti, Jon Knight and Kristen Bartolotta

On February 9, 2022 the United States, United Kingdom, and Australia issued a joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors (“Advisory”).  The Advisory lists trends in cyber-criminal activity from the last year and also provides mitigation strategies and recommendations to reduce the risk of compromise and the impact of ransomware incidents.

The Advisory Illustrates That Critical Infrastructure Is A Global Target

Within the United States, the Advisory notes there have been ransomware attacks against “14 of the 16 U.S. critical infrastructure sectors,” including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.  Australia reports targeting of sectors including Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy, while the United Kingdom notes Education is one of the top sectors targeted by ransomware actors.

While The Ransomware Model Remains Consistent, Criminals Are Exploring Additional Extortion Opportunities

The Advisory indicates that phishing, Remote Desktop Protocols (“RDP”), and exploited vulnerabilities continue to be key vectors for ransomware intrusion.  It also notes that “professional” ransomware actors became increasingly common in 2021 and that ransomware threat actors may now use independent services to negotiate payments, assist victims with making payments, or even arbitrate payment disputes between themselves and other cyber criminals.

While the Advisory notes there may be a shift away from targeting “big game” organizations due to law enforcement pressure, the UK observed targeting of organizations of all sizes throughout the year. Importantly, there has been a notable increase in the use of “triple extortion”: threaten to (1) publicly release stolen sensitive information; (2) disrupt the victim’s internet access, and/or (3) inform the victim’s partners, shareholders, or suppliers about the incident.

The Advisory Lists Common Ransomware Mitigation Steps

In a common governmental refrain, the Advisory discourages payment of the ransom on the grounds that this confirms the viability and financial attractiveness of the ransomware criminal business model.  The Advisory does provide helpful reminders of mitigating steps that may help protect against these attacks.  These include:

  • Patch and update operating systems and software in a timely fashion.
  • Eliminate or minimize use of RDP and require multi-factor authentication (“MFA”) and white listing for any RDP that is required.
  • Implement a user training program and conduct phishing exercises.
  • Require strong and unique passwords for all accounts, and MFA for as many services as possible.
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud.
  • Implement end-to-end encryption, detect and investigate abnormal activity, document external remote connections, implement time-based access for privileged accounts, maintain offline backups of data and regularly test backup restoration, and ensure all backup data is encrypted.

Filed Under: Uncategorized

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

About Jon Knight

Jon Knight is a senior associate with Alston & Bird’s Privacy, Cyber & Data Strategy Team in the Washington, D.C. office. He focuses his practice on cybersecurity and privacy compliance and enforcement, as well as emerging technology issues.

[Read Bio]

About Kristen Bartolotta

Kristen Bartolotta is an associate in Alston & Bird’s Privacy, Cyber & Data Strategy Team. She advises clients on managing privacy and cyber risk, breach investigations and response, transactional diligence, and emerging technologies. Kristen also advises on privacy and security compliance at the state, federal, and international levels.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.