Arraya Insights | December 14, 2022
On December 12, 2022, the FBI and CISA released a joint Cybersecurity Advisory (CSA) as part of their ongoing #StopRansomware campaign efforts.
This joint advisory highlights the dangers of Cuba ransomware, a group of malicious actors who have reportedly collected over $60 million in ransoms and affected more than 100 victims. Note that this group is not affiliated with the country of Cuba.
This advisory states:
“Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase. This year, Cuba ransomware actors have added to their TTPs, and third-party and open-source reports have identified a possible link between Cuba ransomware actors, RomCom Remote Access Trojan (RAT) actors, and Industrial Spy ransomware actors.
FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of Cuba ransomware and other ransomware operations.”
The recommended mitigation steps to help protect against Cuba ransomware include:
- Implement a recovery plan:
While ransomware prevention is important, it’s equally important that you’re prepared to respond to a ransomware attack that successfully infiltrates your system. Your company should have a well-rehearsed incident response plan in place that has been thoroughly vetted by regular ransomware tabletop exercises.
A cloud disaster recovery solution can also provide organizations with failover capabilities and remote access to their systems and data, should they suffer a ransomware attack. This can have a large impact on whether or not your organization decides to pay the ransom demand.
- Implement strong password policies:
A strong password is a complex password that is difficult for a threat actor, or for the software and bots they use, to guess. The longer the password, the better. Passwords should include a combination of upper- and lower-case letters, numbers, and special characters.
While multi-factor authentication (MFA) was once considered an extra security precaution, it’s now a required minimum. This simple but effective measure requires users to provide a second piece of identifying information beyond just a password before being granted access. This small extra step has been reported to prevent 99% of attacks.
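To show what the password rules above look like when enforced in code, here is an added example (not from the advisory or from Arraya) of a small policy checker. The minimum length of 14 characters and the short list of commonly used passwords are assumptions constructed for this example; a real deployment would take the minimum length from its own policy and check candidates against a full breached-password list.

```python
import string

# Assumed policy value for this example; the advisory text does not specify a number.
MIN_LENGTH = 14

# Constructed sample of commonly used passwords. A production checker would
# consult a breached-password list instead of a hard-coded set.
COMMON_PASSWORDS = {"password", "password123", "welcome1", "qwerty123", "letmein"}


def check_password(password: str, min_length: int = MIN_LENGTH) -> list:
    """Return the names of the policy rules the password fails.

    An empty list means the password satisfies every rule. Rules are checked
    in a fixed order so the result is predictable for logging and testing.
    """
    failures = []
    if len(password) < min_length:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    # Case-insensitive match so "Password123" is rejected along with "password123".
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common")
    return failures


def is_compliant(password: str, min_length: int = MIN_LENGTH) -> bool:
    """True when the password passes every rule in check_password."""
    return not check_password(password, min_length)


if __name__ == "__main__":
    # Constructed sample inputs to illustrate the checker.
    for candidate in ["password123", "Tr0ub4dor&3", "Mb7!xQ2$pL9@nV4"]:
        print(candidate, "->", check_password(candidate) or "compliant")
```

The checker returns the list of failed rules rather than a bare boolean so that a self-service reset page or a help-desk tool can tell the user exactly which requirement was missed.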
- Keep all operating systems, software, and firmware up to date:
Updates and patches are there for a reason. While these can be repetitive, they correct known vulnerabilities that must be addressed before they can be exploited by threat actors.
- Identify, detect, and investigate abnormal network activity:
A Security Information and Event Management (SIEM) solution logs security-related event data, identifies abnormalities, and generates alerts when appropriate. This tool helps you identify a potential threat quickly, so it can be contained before it spreads and causes further damage.
By separating your network into smaller segments, any threats that infiltrate your system will be contained only to that small portion rather than your entire network. This practice can improve security, visibility, and control.
A company is only as good as its last backup. Your organization should keep a backup copy offline and ensure that all data is encrypted and immutable. Your backups should be regularly tested to ensure they’re highly available when needed.
Next Steps: Test Your Ransomware Preparedness with a Ransomware Readiness Assessment
At Arraya, we focus on a proactive security approach to combat threats and make cybercrime a less lucrative pursuit overall.
Through our Ransomware Readiness Assessment, you’ll leverage our seasoned team’s firsthand knowledge of successful ransomware recovery engagements and business continuity efforts. Arraya can help determine your organization’s level of preparedness for a ransomware attack and help prioritize efforts for remediation.
This assessment will review your:
- Configuration policies
- Logging & monitoring policies
- Vulnerability management
- Patch management
- Backup processes
- Endpoint protections
- Identity & access management
To learn more about taking action against the threat of ransomware, contact our Arraya Cyber Team today.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.