Uptick in Ransomware Infections Reported to the NJCCIC
Recently, there has been an increase in the number of ransomware incidents reported to the NJCCIC. No particular variant was observed more than others; however, in all cases, the infection vector appears to be either a malicious email containing a link or attachment, or Remote Desktop Protocol (RDP) compromise. Recent ransomware infections have impacted both public and private organizations, resulting in disruptions to daily operations and loss of data.

To reduce the impact of a ransomware infection, the NJCCIC advises users and organizations to implement a comprehensive data backup and recovery plan that includes regular testing of backups and storing them off the network in a secure location to ensure data integrity and availability. Additionally, keep all systems and software updated to the latest vendor-supported patch levels to mitigate the exploitation of known vulnerabilities, and take proactive steps to reduce exposure to network compromise via RDP by implementing IP address whitelisting, requiring users to connect via a virtual private network (VPN) through a firewall, and enabling multi-factor authentication.

To help detect and prevent email spoofing, a common tactic used by threat actors to make emails appear as if they are coming from trusted contacts, implement Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM).

For a list of additional ransomware mitigation strategies, please download our two-page guide here. If you are targeted by ransomware, please report the incident to your local police department and to the NJCCIC via the Cyber Incident Report Form on our website.