U.S. cybersecurity agency: These are steps to mitigate ransomware risk on file-transfer software
U.S. cybersecurity officials have warned a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations could have widespread global impact. In Georgia, the victims may include the University System of Georgia, among others.
The hack attributed to the Cl0p ransomware syndicate is aimed at users of the MOVEit Secure File Transfer and Automation software.
In a joint advisory issued June 7, the U.S. Cybersecurity and Infrastructure Security Agency and FBI said Cl0p “is estimated to have “compromised more than 3,000 U.S.-based organizations and 8,000 global organizations.”
“Due to the speed and ease (with which it) has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks.”
Cl0p claims it does not extort governments, cities or police agencies, but cybersecurity experts say that’s likely a tactic to try to avoid direct conflict with law enforcement and that the financially motivated gang can’t be trusted to keep its promise to erase data stolen from those targets.
Here are some of the steps the U.S. advisory recommended to minimize the risk to customers of the MoveIt software:
- Take an inventory of assets and data, identifying authorized and unauthorized devices and software.
- Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
- Monitor network ports, protocols and services, activating security configurations on network infrastructure devices such as firewalls and routers.
- Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.
This is a developing story. Return to ajc.com for updates
