CISA Releases Joint Advisory on RansomHub Ransomware - 20240830001

Overview

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) released the joint Cybersecurity Advisory (CSA) #StopRansomware: RansomHub Ransomware, detailing its indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). RansomHub, previously known as Cyclops and Knight, has become a successful ransomware-as-a-service model, attracting affiliates from other major variants like LockBit and ALPHV.

What has been observed?

CISA added this vulnerability, based on CVEs observed, to its Cybersecurity Alerts & Advisories catalog on August 28, 2024.

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators perform a scan for the IOCs included and apply the mitigations as per CISA instructions.

Immediate action to take includes:

  1. Secure and closely monitor Remote Desktop Protocol (RDP).
  2. Maintain offline backups of data, and regularly maintain backup and restoration.
  3. Enable and enforce phishing-resistant multifactor authentication (MFA).