UK sanctions Russian cyber criminals associated with ransomware attacks
Seven Russian cyber criminals were sanctioned by the UK and the US this week in the first wave of new coordinated action against international cyber crime.
The individuals have been associated with the development or deployment of ransomware strains, which have been used to target the UK and US.
The new campaign of concerted action follows a large-scale, ongoing investigation by the National Crime Agency which identified 149 British victims of ransomware strains known as Conti and Ryuk. The ransomware was responsible for extorting at least an estimated £27 million.
Ransomware is the most acute cyber threat the UK faces and attacks can have devastating consequences on an organisation’s operations, finances and their reputation.
Organisations should take immediate steps to help mitigate ransomware attacks by following the NCSC’s guidance.
CISA releases advisories following ransomware threats
Cybersecurity and Infastructure Security Agency (CISA) has released a recovery script that could help organisations affected by ESXiArgs ransomware to recover access to their files.
This ransomware can make virtual machines unusable by encrypting configuration files on vulnerable ESXi servers.
Additionally, as part of their #StopRansomware effort, CISA have published an advisory highlighting ongoing ransomware activity targeting healthcare and other critical national infrastructure organisations. The advisory focuses on Democratic People’s Republic of Korea (DRPK) state-sponsored ransomware activity.
The NCSC has published broader guidance on how to protect against ransomware attacks.
Call for views on strengthening software resilience
The UK government is inviting organisations and businesses with an interest in software security and digital supply chains to take part in a consultation.
The request is for organisations to share views about how and where the government can share expertise and resources to address the cyber risks from software, as well as where the responsibilities should lie.
The overall aim is to help understand how to address the risk from software, the impact of which was seen in the SolarWinds incident and Log4j vulnerabilities, to ultimately create a more resilient digital environment.
The survey is open until 1 May 2023.