The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed an increase in ransomware attacks. In Alert AA21-265A, the agencies report that Conti ransomware has been used in more than 400 attacks on organizations worldwide. In a typical Conti attack, the actors steal files, encrypt servers and workstations, and demand a ransom payment. Earlier, in April 2021, the Department of Labor (DOL) issued cybersecurity guidance for plan sponsors, fiduciaries, recordkeepers, and plan participants.

Background on Conti Ransomware Cyberattacks

Conti operates under a ransomware-as-a-service (RaaS) model. Conti actors most often gain initial access to a victim network through one of the following:

  • Spearphishing campaigns that use tailored emails carrying malicious attachments or links; malicious Microsoft Word attachments, for example, often contain embedded scripts that download or drop additional malware;
  • Stolen or weak Remote Desktop Protocol (RDP) credentials;
  • Phone calls;
  • Fake software promoted through search engine optimization;
  • Other malware distribution networks; and
  • Common vulnerabilities in external-facing assets.

Once inside, Conti actors steal files and encrypt systems, then demand payment to restore access. They also threaten to publish the stolen data if the victim does not pay.

Recommendations to Prevent Ransomware Cyberattacks

In the September 2021 Alert, CISA and the FBI recommend that organizations take the following steps to reduce the risk of a ransomware compromise:

  • Require multi-factor authentication for remote access to the network from external sources.
  • Implement network segmentation to limit the spread of ransomware.
  • Filter network traffic to block inbound and outbound connections with known malicious IP addresses.
  • Scan for vulnerabilities and keep software updated.
  • Remove unnecessary applications and apply controls over which software may be installed and run.
  • Implement endpoint detection and response (EDR) tools to detect and contain malicious activity.
  • Limit access to resources over the network, following the principle of least privilege.
  • Secure user accounts: audit accounts regularly so that only legitimate, current users retain access.
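The initial-access list above names stolen or weak RDP credentials, and the mitigations call for securing user accounts and requiring MFA for remote access. As an added example (not from the Alert or from this page), the following Python script shows the detection side of that control: it scans Windows Security log records for failed RDP logons (Event ID 4625 with Logon Type 10, RemoteInteractive), flags any source address that makes five or more failed attempts within five minutes, and notes whether a successful RDP logon (Event ID 4624) from the same source followed the burst, which is the pattern left behind when a guessed or stolen password works. The records are constructed for illustration; the field names follow the Windows Security log, and the threshold and window are assumptions to tune for your environment.

```python
"""Flag RDP password-guessing from Windows Security logon events.

Added example, not part of the CISA/FBI Alert. Field names follow the
Windows Security log: Event ID 4625 = failed logon, 4624 = successful
logon, Logon Type 10 = RemoteInteractive (RDP). The sample records are
constructed; threshold and window are assumed values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
RDP_LOGON_TYPE = 10

# Constructed sample records: (TimeCreated, EventID, LogonType, TargetUserName, IpAddress)
SAMPLE_EVENTS = [
    ("2021-09-22T03:14:01", 4625, 10, "administrator", "203.0.113.45"),
    ("2021-09-22T03:14:03", 4625, 10, "admin", "203.0.113.45"),
    ("2021-09-22T03:14:04", 4625, 10, "backup", "203.0.113.45"),
    ("2021-09-22T03:14:06", 4625, 10, "jsmith", "203.0.113.45"),
    ("2021-09-22T03:14:09", 4625, 10, "jsmith", "203.0.113.45"),
    ("2021-09-22T03:14:15", 4624, 10, "jsmith", "203.0.113.45"),  # a guess landed
    ("2021-09-22T08:02:10", 4625, 10, "mlee", "198.51.100.7"),    # single typo, benign
    ("2021-09-22T08:02:30", 4624, 10, "mlee", "198.51.100.7"),
    ("2021-09-22T09:00:00", 4625, 3, "svc_sql", "192.0.2.10"),    # network logon, not RDP
    ("2021-09-22T09:00:01", 4625, 3, "svc_sql", "192.0.2.10"),
    ("2021-09-22T09:00:02", 4625, 3, "svc_sql", "192.0.2.10"),
    ("2021-09-22T09:00:03", 4625, 3, "svc_sql", "192.0.2.10"),
    ("2021-09-22T09:00:04", 4625, 3, "svc_sql", "192.0.2.10"),
]


def parse_event(record):
    """Turn one raw tuple into a dict with a real datetime."""
    ts, event_id, logon_type, user, ip = record
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "user": user, "ip": ip}


def detect_rdp_password_guessing(records, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source IP that produced at least `threshold`
    failed RDP logons inside a sliding `window`. Each finding lists the
    distinct accounts tried and, if a successful RDP logon from the same
    source arrived while failures were still inside the window, the account
    that logged on (a likely compromised credential)."""
    events = sorted((parse_event(r) for r in records), key=lambda e: e["time"])
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures within window
    accounts_tried = defaultdict(set)      # ip -> accounts named in failed logons
    findings = {}                          # ip -> finding dict

    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue                        # only interactive RDP logons matter here
        ip = e["ip"]
        q = recent_failures[ip]
        while q and e["time"] - q[0] > window:
            q.popleft()                     # drop failures that fell out of the window

        if e["event_id"] == FAILED_LOGON:
            q.append(e["time"])
            accounts_tried[ip].add(e["user"])
            if ip in findings:
                findings[ip]["failures"] += 1
                findings[ip]["accounts"] = sorted(accounts_tried[ip])
            elif len(q) >= threshold:
                findings[ip] = {"source_ip": ip, "failures": len(q),
                                "accounts": sorted(accounts_tried[ip]),
                                "followed_by_success": None}
        elif e["event_id"] == SUCCESSFUL_LOGON and ip in findings and q:
            # Success while the burst is still inside the window: treat the
            # account as compromised until proven otherwise.
            findings[ip]["followed_by_success"] = e["user"]

    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_rdp_password_guessing(SAMPLE_EVENTS):
        print(f"{finding['source_ip']}: {finding['failures']} failed RDP logons "
              f"against {finding['accounts']}; "
              f"success afterwards: {finding['followed_by_success']}")
```

A single source guessing across several account names is the classic sign of a credential-stuffing or brute-force attempt against exposed RDP; when a success follows, the account's password should be reset and its sessions reviewed. In production the records would come from the Security log (for example via `Get-WinEvent` exported to JSON) rather than an inline list, and a source that trips the detector is also a candidate for the traffic-filtering control above.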

Cybersecurity Awareness Training

Many laws now require businesses to take reasonable steps to protect the personal information they collect from customers, employees, and job applicants. Employees therefore need to recognize common workplace cybersecurity threats and know what protections are available against them. To assist employers, Personnel Concepts has developed an online, interactive Cybersecurity Awareness Training Program that businesses of any size and industry can use to train employees on keeping personal information safe.