The Cybersecurity and Infrastructure Security Agency and the FBI have issued an update to an earlier joint notice on indicators of compromise and tactics, techniques, and procedures related to Royal ransomware. Recently observed malicious activity centers on the rebranding of Royal ransomware as “BlackSuit,” with enhanced cyberattack capabilities, CISA said on Wednesday.
According to the new advisory, phishing emails are among BlackSuit actors’ most effective vectors for ransomware deployment and data exfiltration.
The actors use the exfiltrated data for extortion purposes, threatening to leak it publicly if the victim does not pay a ransom ranging between 1 and 10 million dollars.
CISA and the FBI urge network defenders to adopt mitigation measures aligned with the cross-sector cybersecurity performance goals developed by the National Institute of Standards and Technology and CISA.
One recommended measure is to require phishing-resistant multi-factor authentication on administrator accounts for webmail and virtual private networks.
Other cybersecurity tips in the update include disabling links in emails and macros by default.
ExecutiveGov, published through Executive Mosaic, is a site committed to federal government news and headlines. ExecutiveGov serves as a news source on current topics and issues facing federal government departments and agencies, such as Gov 2.0, cybersecurity policy, health IT, green IT, and homeland security. We also aim to spotlight diverse federal government workers and interview key government leaders whose impact resonates beyond their agency.