The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and the FBI have released an advisory saying they have observed more than 400 cyberattacks against U.S. and international organizations using Conti ransomware.
Malicious actors use Conti to encrypt workstations and servers, steal files and ask for a ransom payment and gain access to networks through spearphishing campaigns, stolen remote desktop protocol credentials, fake software, phone calls and other common vulnerabilities in external assets, CISA said Wednesday.
“We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.
NSA, CISA and FBI are recommending several measures to mitigate the risk of Conti ransomware attacks, such as using multifactor authentication, implementing network segmentation and filtering traffic, keeping software updated and screening for vulnerabilities and implementing endpoint and detection response tools.
Rob Joyce, director of cybersecurity at NSA and a previous Wash100 awardee, said cybercriminals using Conti have targeted the defense industrial base and critical infrastructure and NSA is calling on organizations to use the mitigations in the advisory to reduce their risk to ransomware attacks.
ExecutiveBiz, sister site of ExecutiveGov, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” forum.