Federal agencies warn companies to be on guard against prolific ransomware strain

The FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a warning to U.S. organizations to be aware of a specific type of ransomware that has already wreaked havoc on hundreds of groups.

The agencies issued a joint alert specifically warning groups to be on guard against the Conti ransomware variant, with the agencies noting that 400 U.S. and international groups had already fallen victim to Conti.

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organizations can take right now to counter the threat,” Rob Joyce, director of Cybersecurity at NSA, said in a statement Wednesday. “We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”

The alert outlined steps that organizations can take to protect against the Conti ransomware variant, which involves cybercriminals using malicious emails, phone calls, or stolen credentials to steal and encrypt information and demand payment from victims to regain access.  

“Americans are routinely experiencing real-world consequences of the ransomware epidemic as malicious cyber actors continue to target large and small businesses, organizations, and governments,” Eric Goldstein, executive assistant director for Cybersecurity at CISA, said in a separate statement. “CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how they can reduce the risk and strengthen their own capabilities.”

“The FBI, along with our partners at CISA and NSA, is committed to providing resources in an effort to assist public and private sector entities protect their systems against ransomware attacks,” Bryan Vorndran, assistant director of the FBI’s Cyber Division added. 

The joint alert came months after the FBI issued a separate security alert outlining how the Conti ransomware variant was being used to target at least 16 healthcare and first responder networks, including emergency dispatch centers and medical services.

The FBI noted in the previous alert that 290 of the around 400 organizations victimized by Conti ransomware were in the United States, though many were international, with BBC News reporting that the ransomware attack on the Irish healthcare system in May was linked to Conti.

The security alerts come after a year of escalating ransomware attacks, with hackers using various ransomware variants to target and encrypt networks of hospitals, schools, government agencies, and major companies such as Colonial Pipeline and meat producer JBS USA.

The federal government has taken action, with the Justice Department establishing a ransomware task force in April to enhance its ability to tackle cybercrime, and the Department of Homeland Security prioritizing combating ransomware attacks as well. 

Many of the attacks have been linked to Russian-based cybercriminal groups, and President Biden strongly urged Russian President Vladimir Putin to take action against these groups during their in-person summit in Geneva earlier this year. 

FBI Director Christopher Wray testified to the House Homeland Security Committee Wednesday that while it was “too soon to tell” whether the conversations between the Biden administration and the Russian government would lead to a decrease in attacks, Russia could do more. 

“In my experience there is a lot of room, a lot of room for them to show some meaningful progress if they want to on this topic,” Wray testified.

He also noted that the FBI is currently investigating over 100 different types of ransomware variants, and that challenges were still on the horizon. 

“Ransomware has mushroomed significantly over the last year, and it’s on pace to mushroom again this year,” Wray said.