Ransomware Continues to Gain Momentum
Ransomware continues to dominate the threat landscape, posing significant risks to organizations. The NJCCIC continues to receive reports of ransomware incidents impacting New Jersey private and public sector organizations, including educational institutions and local governments. Fog ransomware and 3AM ransomware are two significant variants that have emerged in the past year. They continue to gain momentum and will likely remain among the top threats in 2025.
Fog ransomware, a variant of the STOP/DJVU family, emerged in early May 2024 and primarily targets Windows and Linux endpoints in education, recreation, travel, and manufacturing in the United States. By early fall, there was an uptick in Fog ransomware incidents that included these and other high-value industries. Fog ransomware leverages compromised VPN credentials to gain access to victim environments.
In late 2023, 3AM (or ThreeAM) ransomware emerged as a secondary option after threat actors failed to deploy LockBit ransomware. The tactics, techniques, and procedures (TTPs) of 3AM are possibly tied to Zeon, Conti, IcedID, and TA505/Evil Corp. 3AM ransomware typically targets manufacturing, healthcare, construction, lodging, mining, and agriculture in the United States. As with Fog ransomware, there was an uptick in 3AM ransomware incidents in early fall.
What Should You Do?
- Refrain from clicking links in, responding to, or acting on unsolicited emails.
- Navigate directly to legitimate websites and verify before submitting account credentials or providing personal or financial information.
- Use strong, unique passwords for all accounts and enable multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Keep systems up to date and apply patches after appropriate testing.