In mid-May 2021, Russia’s Federal Security Service (FSB)’s National Coordination Center for Computer Incidents published a joint report with Rostelecom-Solar, the cybersecurity arm of Russian telecom company Rostelecom, about a 2020 cyber espionage campaign that targeted Russian government agencies. The publicly-available portion of the report disclosed stealthy cyber operations that targeted key individuals associated with “the federal executive branch (FOI) of the Russian Federation.” Although details of the operation have been kept close hold, the report did cite that the main intent of the campaign was to completely compromise IT infrastructure for the purposes of stealing sensitive information to include “documentation from closed segments and email correspondence.”
This is the second part of our special series on Ransomware. The first provided an update on the nature of the threat, including an anatomy of a modern attack. This post, produced with inputs from real world cybersecurity practitioners Matt Devost, Bob Flores, Junaid Islam and Bob Gourley, provides information for Corporate Board of Directors and the CEO. In our experience, the guidance provided here can mitigate the existential risks of a ransomware infection to a low level.
The scourge of ransomware is the inevitable result of decades of schizophrenia about our relationship with information technology and security. Treating this problem in the same fashion as we have those that came before it will only prolong our suffering. Clarity, creativity, and will are required if we are to have any hope of a future where ransomware is an annoyance and not a plague.
Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute.
A recent report has revealed that an Iranian threat actor group dubbed “Agrius” has been operating in Israel since 2020. The group has been linked to cyber espionage activity and has quickly evolved into conducting destructive wiper malware attacks against Israeli targets. What’s more, these attacks have been posing as ransomware attacks in order to mask their true intent. This is not the group’s first foray into executing destructive attacks.