You are here

FBI Issues Multiple Reports on Current Ransomware Activity

FBI Issues Multiple Reports on Current Ransomware Activity

Created: Friday, October 29, 2021 - 12:07
Categories:
Cybersecurity

FBI FLASH: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware

The FBI has published a TLP:WHITE FLASH providing tactics, techniques, and indicators of compromise associated with Hello Kitty/Fivehands ransomware. The FLASH indicates that Hello Kitty/Fivehands threat actors, who were first observed in January 2021, aggressively apply pressure to victims usually employing the double extortion technique. And in some instances, if the victim does not respond quickly enough or refuses to pay the ransom, the threat actors will launch a Distributed Denial of Service (DDoS) attack on the victim organization’s public facing website. The FLASH includes further technical details regarding this activity and lists recommended mitigations.

FBI Private Industry Notification: Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims

The FBI has published a TLP:WHITE Private Industry Notification (PIN) underscoring that ransomware actors are very likely leveraging significant financial events and stock valuation to facilitate targeting and extortion of victims. According to the PIN, “Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.” The PIN also details multiple instances of ransomware actors in the wild using financial events and information to aid in their target acquisition and selection process. The PIN lists recommended mitigations and encourages readers to access CISA and MS-ISAC’s Joint Ransomware guide, the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity, and StopRansomware.gov.

As always, members are encouraged to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or [email protected].

WaterISAC Incident Reporting
Additionally, WaterISAC encourages any members who have experienced malicious or suspicious activity to email [email protected], call 866-H2O-ISAC, or use the online incident reporting form.