FBI confirm Cuba Ransomware Group are targeting US financial services industry
The FBI and CISA have released a joint statement about the threat of the Cuba ransomware group.
The Cuba Ransomware Group, who have no known association with the Republic of Cuba, is an active group that use ransomware to steal data, encrypt it, and demand that victims pay a certain amount to have their data released back to them. To date they have demanded over 145 million in ransomware payments.
The FBI have noted that the group are currently targeting US entities in the following five critical infrastructure sectors: Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.
Are US accounting and bookkeeping firms vulnerable?
Yes, the group poses a very real risk to financial services firms. The hackers are known for exploiting these 4 vulnerabilities in particular:
- Known vulnerabilities in commercial software
- Phishing email campaigns
- Compromised credentials
- Legitimate remote desktop protocol (RDP) tools
The ransomware group have hacked more than 100 organizations and have demanded more than $145 million in ransom payments. To date, they have received over $60 million in ransom payments.
As accounting and bookkeeping firms are at risk, it’s important for firms like yourself to know what steps to take to mitigate this threat.
How to mitigate the risk of ransomware at your accounting firm:
- Require multifactor authentication for all services possible. As accounting firms have access to client data via email or through bank logins, we recommend that firms take steps to ensure MFA is enabled for email, virtual private networks, and accounts that access critical systems.
Learn how Practice Protect secures email systems and sensitive cloud applications here. - Secure passwords in line with the National Institute for Standards and Technology (NIST). The standards for developing and managing password policies are as follows:
- Use passwords that are more than 8 characters in length
- Ensure your password manager or identity access software is encrypting passwords
- Avoid reusing passwords
- Implement multiple failed login attempt lockouts
All these policies are easily implemented with Practice Protect’s Access Hub. Learn more here.
- Keep all software and operating systems up to date. Software and operating system developers regularly push out updates that ‘patch’ any vulnerabilities that can be exploited by cybercriminals. Updating your firm’s software and operating systems on all devices that access client data is best practice.
- Apply time-based access for accounts at the admin level or higher. This measure ensures accounts aren’t accessed at times outside of business hours. Time lock, Geo lock, and IP lock policies all help to mitigate the risk of ransomware.
At Practice Protect, we have a holistic cybersecurity solution that over 20,000 accountants worldwide use to secure their data. Talk with our team to learn more.