Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021.
“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” the agencies said in the joint bulletin.
In a noticeable shift in the wake of highly-publicized attacks on Colonial Pipeline, JBS, and Kaseya last year, ransomware actors pivoted away from “Big-game” hunting in the U.S. in the second half of 2021 to focus on mid-sized victims and evade scrutiny from law enforcement.
“After encrypting victim networks, ransomware threat actors increasingly used ‘triple extortion’ by threatening to publicly release stolen sensitive information, disrupt the victim’s internet access, and/or inform the victim’s partners, shareholders, or suppliers about the incident,” the agencies said.
Among other tactics embraced by ransomware groups to maximize impact include striking cloud infrastructures to exploit known weaknesses, breaching managed service providers to access multiple victims through one initial compromise, deploying code designed to sabotage industrial processes, poisoning the software supply chain, and conducting attacks during holidays and weekends.
“Paying the ransom also does not guarantee that a victim’s files will be recovered. Additionally, reducing the financial gain of ransomware threat actors will help disrupt the ransomware criminal business model.”