Security News > 2022 > February > CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021.
"Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organizations globally," the agencies said in the joint bulletin.
In a noticeable shift in the wake of highly-publicized attacks on Colonial Pipeline, JBS, and Kaseya last year, ransomware actors pivoted away from "Big-game" hunting in the U.S. in the second half of 2021 to focus on mid-sized victims and evade scrutiny from law enforcement.
"After encrypting victim networks, ransomware threat actors increasingly used 'triple extortion' by threatening to publicly release stolen sensitive information, disrupt the victim's internet access, and/or inform the victim's partners, shareholders, or suppliers about the incident," the agencies said.
Among other tactics embraced by ransomware groups to maximize impact include striking cloud infrastructures to exploit known weaknesses, breaching managed service providers to access multiple victims through one initial compromise, deploying code designed to sabotage industrial processes, poisoning the software supply chain, and conducting attacks during holidays and weekends.
"Paying the ransom also does not guarantee that a victim's files will be recovered. Additionally, reducing the financial gain of ransomware threat actors will help disrupt the ransomware criminal business model."
News URL
https://thehackernews.com/2022/02/cisa-fbi-nsa-issue-advisory-on-severe.html
Related news
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)