On Wednesday, the FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to U.S. organizations about a specific type of ransomware that has already wreaked havoc on hundreds of organizations.
The agencies issued a joint alert specifically warning groups to be on the lookout for the Conti ransomware variant, noting that 400 U.S. and international organizations had already fallen victim to Conti.
“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organizations can take right now to counter the threat,” said Rob Joyce, director of Cybersecurity at the National Security Agency, in a statement Wednesday. “We strongly advise you to use the mitigations outlined in this advisory to protect against Conti malware and reduce your risk of a ransomware attack.”
The alert outlined steps that organizations can take to protect themselves from the Conti ransomware variant, in which cybercriminals use malicious emails, phone calls, or stolen credentials to steal and encrypt data, then demand payment from victims in exchange for restoring access.
“As malicious cyber actors continue to target large and small businesses, organizations, and governments, Americans are routinely experiencing real-world consequences of the ransomware epidemic,” Eric Goldstein, executive assistant director for Cybersecurity at CISA, said in a separate statement. “The CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how to mitigate risk and strengthen their own capabilities.”
“The FBI, in collaboration with our partners at CISA and the NSA, is committed to providing resources to help public and private sector entities protect their systems from ransomware attacks,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, added.
The joint alert came months after the FBI issued a separate security alert outlining how the Conti ransomware variant was being used to target at least 16 healthcare and first responder networks, including emergency dispatch centers and medical services.
The FBI noted in a previous alert that 290 of the approximately 400 organizations victimized by Conti ransomware were in the United States, though many were international, with BBC News reporting that Conti was linked to a ransomware attack on the Irish healthcare system in May.
The security alerts follow a year of escalating ransomware attacks, with hackers targeting and encrypting networks of hospitals, schools, government agencies, and major corporations such as Colonial Pipeline and meat producer JBS USA. The federal government has taken action, with the Justice Department forming a ransomware task force in April to improve its ability to combat cybercrime and the Department of Homeland Security prioritizing the fight against ransomware attacks as well.
Many of the attacks have been linked to Russia-based cybercriminal groups, and President Biden urged Russian President Vladimir Putin to take action against these groups earlier this year during their in-person summit in Geneva.
While it was “too soon to tell” whether the conversations between the Biden administration and the Russian government would result in fewer attacks, FBI Director Christopher Wray testified to the House Homeland Security Committee on Wednesday that Russia could do more.
“In my experience, there is a lot of room for them to show some meaningful progress on this topic if they want to,” Wray testified.
He also mentioned that the FBI is currently investigating more than 100 different ransomware variants, and that more challenges were on the way.
“Ransomware has mushroomed significantly over the last year, and it’s on pace to mushroom again this year,” Wray said.