FBI: Ransomware Attackers Are Taking Aim at Critical Infrastructure – By Mariam Baksh (Defense One) / February 10, 2022
A joint advisory with CISA, the NSA, and their counterparts in the UK and Australia offers advice for defenders.
Cyber attackers who hold a victim’s system hostage by encrypting its data until their demands are met may be laying off “big game” in the U.S., but they’ve been working on code that could threaten a lot more real-world damage against those they do choose to target, according to a joint advisory from the FBI and domestic and international partner agencies.
“Although most ransomware incidents against critical infrastructure affect business information and technology systems, the FBI observed that several ransomware groups have developed code designed to stop critical infrastructure or industrial processes,” reads the advisory released Wednesday.
The joint advisory, released along with the National Security Agency and Cybersecurity and Infrastructure Security Agency, as well as their counterparts in Australia and the United Kingdom, examines ransomware trends that emerged in 2021 and offers mitigation strategies for network defenders.
In May, after Colonial Pipeline paid ransomware attackers $5 million to release their system, the company said it had proactively disconnected the operational technology—think valves, and pressure gauges—that control its physical processes, and federal agencies said there was no evidence the hackers got beyond their information technology realm.
